
Phishing Attacks Still Haunt Banking Institutions: How Can Domain Reputation Checks Help?

Phishing attacks continue to post an upward trend. Over the years, phishers have improved their methods, using very convincing domains to bait victims into their schemes.

In fact, a 2019 phishing trends and intelligence report recorded a steady rise in the volume of phishing attacks. It stated that in 2018, for instance, U.S. phishing activity grew by 40.9%, more than double the 2015 number. Unsurprisingly, 28.9% of these phishing attacks targeted financial institutions.

In this post, we looked at why banking institutions remain a top phishing target. Plus, we explored how they can avoid becoming part of phishing attacks through the use of Domain Reputation API.

Why Are Banks Still among the Most Favored Phishing Targets?

One primary reason: money. Hackers who can get access to an individual's banking account or the internal network of a financial institution often "hit the jackpot."

And cybercriminals do not even need to be that tech-savvy. They can easily connect with groups on the Dark Web to purchase ready-made malware that they can then use for their attacks. Or they can send emails from a typosquatted domain that seems innocent enough to make recipients click on a link enticing them to disclose their passwords (e.g., during a fake request for password reset).

A possible reason for the prevalence of phishing attacks is the widespread availability of free web hosting services. Many financial phishing sites use free web hosts. In the past four years alone, the use of free hosting services steadily increased from 3% in 2015 to 13.8% in 2018. Free hosting allows hackers to set up phishing sites without shelling out any money. Also, they don't even need to purchase a domain since they can use free subdomains.

Our Investigative Tool: Domain Reputation API

We looked at PhishTank to see if there are valid phishing sites that remain accessible online and stumbled upon https://chase-financial9w[.]com/home/myaccount/index[.]html. Anyone who doesn't scrutinize URLs before clicking may think this particular link is owned by Chase Bank, one of the biggest banks in the U.S., and so become a phishing victim.

Running the domain through Domain Reputation API returned a meager score of 74.58, below the ideal score of 100, along with several warnings that indicate phishing, such as:

  • The domain was registered only two days ago (at the time of writing). Any reputable banking institution has been in the business for years, and so should have a relatively old domain.
  • The domain is a verified phishing site on PhishTank.

Companies that wish to protect their employees from phishing attacks can integrate Domain Reputation API into their security solutions. It can block access to sites with low reputation scores and other telltale signs of phishing.

Also, a comparison of the spoofed domain's WHOIS registration details with those of a domain name actually owned by Chase Bank via WHOIS Search revealed huge differences:

Known phishing domain: https://chase-financial9w[.]com/home/myaccount/index[.]html

Legitimate Chase Bank domain: https://chase-financial[.]com/home/myaccount/index.html

While both domains used HTTPS (typically a sign of website security) and were registered in the U.S., the fake site's WHOIS record doesn't reveal much about its owner. Banks and other reliable companies typically show their contact details. Lack of information can be an evasion tactic. Whatever the reason is, it's clear that the two sites have different owners.
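The warning signs described above (blocklist listing, a very young domain, a WHOIS record with no owner details, and a name that imitates the real brand domain) can be combined into a local pre-filter. This is an added example, not code from the original post or from WhoisXML API; the age threshold, blocklist contents, WHOIS field names and dates are constructed assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed inputs (assumptions, not from any API): the brand's own domains,
# a local copy of a phishing blocklist, and a hypothetical age threshold.
BRAND_DOMAINS = {"chase-financial.com"}
BLOCKLIST = {"chase-financial9w.com"}
MIN_AGE_DAYS = 30

def hostname(url):
    """Extract the lowercase hostname from a plain or defanged ([.]) URL."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-copies of a brand domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(url, whois, today):
    """Return (block, warnings) for a URL and its already-parsed WHOIS record."""
    host = hostname(url)
    if any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS):
        return False, []          # the brand's own domain or a subdomain of it
    warnings = []
    listed = host in BLOCKLIST
    if listed:
        warnings.append("listed on phishing blocklist")
    created = whois.get("created")
    if created is None or (today - created).days < MIN_AGE_DAYS:
        warnings.append("domain is newly registered or has no creation date")
    if not whois.get("registrant_org"):
        warnings.append("WHOIS shows no registrant organization")
    for brand in BRAND_DOMAINS:
        if brand.split(".")[0] in host or edit_distance(host, brand) <= 2:
            warnings.append(f"lookalike of {brand}")
    return listed or len(warnings) >= 2, warnings

# Constructed WHOIS record: registered two days before the check, owner hidden.
PHISH_WHOIS = {"created": date(2019, 1, 8), "registrant_org": None}
TODAY = date(2019, 1, 10)
```

A single warning is reported without blocking, so an old, properly registered domain that merely contains the brand name is surfaced for review rather than denied outright.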

* * *

Banks and other financial institutions won't be less targeted by phishers anytime soon. In addition to making customers aware of the various social engineering tactics that phishers employ, solutions like Domain Reputation API and WHOIS Search can help tell a real site from a fake one.

WhoisXML API

About WhoisXML API – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
