Thales Cloud Protection & Licensing

APRIL 22, 2025

This surge could be down to threat actors using AI and ML to automate credential stuffing and phishing, making them progressively sophisticated and more complicated to uncover. Block known proxy services to stop bots masking their activity. The table below summarizes these recommendations and maps them to Thales solutions.

Digital transformation 62

Digital transformation Accountability Risk Internet 62

Centraleyes

MARCH 13, 2025

If you’re part of the financial services ecosystem hereor interact with businesses regulated by the New York State Department of Financial Servicesyouve likely come across the NYDFS Cybersecurity Regulation. Multi-factor authentication (MFA) and role-based access controls are your best friends here.

Cybersecurity 52

Cybersecurity Financial Services Risk Encryption 52

Webroot

APRIL 22, 2025

Financial services industry: Banks, insurance companies and other financial organizations offer a wealth of opportunity for hackers who can use stolen bank account and credit card information for their own financial gain. In 2024, there were 14 data breaches involving 1 million or more healthcare records.

Data breaches 72

Data breaches Identity Theft Passwords eCommerce 72

Zero Day

JUNE 20, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. You must also inform your bank or financial services provider so they can be on the lookout for suspicious and fraudulent transactions.  

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Webroot

OCTOBER 31, 2024

The rise of AI-driven phishing and social engineering, increased targeting of critical infrastructure, and the emergence of more sophisticated fileless malware are all trends that have shaped the cybersecurity battlefield this year. By August 2024, RansomHub had breached at least 210 victims across various critical U.S.

Malware 117

Malware Ransomware Healthcare Passwords 117

eSecurity Planet

MAY 8, 2025

A powerful new phishing campaign is flooding Japanese email inboxes. According to reports by cybersecurity firm Proofpoint, a cybercrime tool known as CoGUI was used to send over 580 million phishing emails between January and April 2025. Over 172 million phishing emails were tracked across 170 campaigns in January alone.

Phishing 57

Phishing Scams Mobile Financial Services 57

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication 141

Authentication Phishing Passwords Mobile 141

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.” The 2fa SMS Buster bot on Telegram.

Passwords 352

Passwords Authentication Banking Mobile 352

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 347

Malware Banking Phishing DDOS 347

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. What’s your username?”

Scams 363

Scams Banking Passwords Authentication 363

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups.

Phishing 137

Phishing Accountability Financial Services Cloud Migration 137

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 113

Authentication Social Engineering Phishing Banking 113

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication 104

Authentication Passwords Mobile Accountability 104

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing 98

Phishing Banking Financial Services Authentication 98

Zero Day

SEPTEMBER 18, 2024

The move comes amid growing phishing attacks targeting the financial services sector; most impacted by brand impersonation scams.

Authentication 75

Authentication Banking Financial Services Scams 75

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. It highlights the leadership of financial services in cybersecurity relative to other industries, but it also uncovers some surprising chinks in their cybersecurity armor. Thu, 09/01/2022 - 05:15.

Financial Services 62

Financial Services Cybersecurity Computers and Electronics Banking 62

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 98

Phishing Energy and Utilities Insurance Manufacturing 98

Malwarebytes

AUGUST 21, 2024

” Toyota and Toyota Financial Services have suffered several breaches in the past, so it’s hard to tell where and when the information was obtained more precisely. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Take your time.

Passwords 124

Passwords Manufacturing Data breaches Phishing 124

Adam Levin

NOVEMBER 17, 2020

Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Enable two-factor authentication.

Scams 243

Scams Retail Banking Passwords 243

The Last Watchdog

MAY 24, 2021

billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web app attacks last year, with more than 736 million targeting financial services. billion web attacks globally; 736 million in the financial services sector. A: Everything.

Financial Services 178

Financial Services Passwords Media Data breaches 178

The Last Watchdog

JULY 7, 2021

When you have a victim that came from a phishing attack on the financial services industry for example, and then later you obtain that victim’s gaming details, if there is a match on email addresses, username, address, etc. Some of the credential stuffing attacks can be traced back to existing data breaches or phishing.

Accountability 257

Accountability Mobile Passwords Authentication 257

Duo's Security Blog

DECEMBER 19, 2024

Phishing is still one of the most common attack vectors, and the holidays provide an especially appealing time to launch an attack thats been supercharged by modern natural language processing models and novel QR codes. No industry is spared this phishing season, though some are targeted more often than others.

Phishing 64

Phishing Authentication Social Engineering Passwords 64

Duo's Security Blog

NOVEMBER 20, 2023

One piece of evidence to support this hypothesis is the low adoption of a basic security control that protects against identity-based attacks - multi-factor authentication (MFA). Add to this, the risks of weak authentication factors such as SMS one-time passcodes and dormant or inactive accounts.

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

SecureList

FEBRUARY 23, 2022

The research in this report is a continuation of our previous annual financial threat reports ( 2018 , 2019 and 2020 ), providing an overview of the latest trends and key events across the threat landscape. The term is also used to describe malware seeking access to financial organizations’ IT infrastructures. Financial Phishing.

Banking 139

Banking Phishing Cryptocurrency Malware 139

Malwarebytes

SEPTEMBER 30, 2021

Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick of activity in threat actors providing access to services in Telegram that circumvent two-factor authentication (2FA) methods.

Banking 104

Banking Authentication Social Engineering Passwords 104

Thales Cloud Protection & Licensing

JANUARY 10, 2022

The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. Security is paramount; digital payments are not only authorized but they must be authenticated as well. How Can We Secure The Future of Digital Payments? Tue, 01/11/2022 - 06:35.

Retail 126

Retail Financial Services Banking Authentication 126

Malwarebytes

JULY 19, 2024

Financial services had the most breaches, followed by healthcare. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Better yet, let a password manager choose one for you.

Data breaches 122

Data breaches Passwords Identity Theft Phishing 122

SecureList

MARCH 31, 2021

Even though, in 2020, we have seen ever more sophisticated cyberattacks, the overall statistics look encouraging: the number of users hit by computer and mobile malware declines, so does financial phishing. In this research, by financial malware we mean several types of malevolent software. Financial phishing.

Banking 145

Banking Phishing Malware Mobile 145

Malwarebytes

JUNE 14, 2024

In 2020, Truist provided financial services to about 12 million consumer households. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Watch out for fake vendors.

Data breaches 110

Data breaches Banking Passwords Phishing 110

IT Security Guru

NOVEMBER 4, 2022

Looking at particular attack methods, Obrela found that those most utilised were typically malware infection, reconnaissance, data exfiltration and phishing attacks, along with the exploitation of malicious insiders. . To decrease risk and make sure their security posture is up to scratch, organisations must remember to do the ‘basics’.

Banking 115

Banking Phishing Financial Services Government 115

Cisco Security

JANUARY 10, 2023

Traditionally CISOs have talked about the importance of improving security awareness which has resulted in the growth of those test phishing emails we all know and love so much. So, security will need to focus on supporting the introduction of flexibility and the ease of user experience, such as passwordless or risk-based authentication.

CISO 142

CISO Insurance Cyber Insurance Phishing 142

Adam Levin

AUGUST 21, 2019

Among other things, this slowness means fewer clicked links in phishing emails. By now, we should expect to be seeing puppet shows on the dangers of phishing. They may offer continuous training programs to help thwart phishing attacks and malware infections. All that aside, the best solution is free.

Phishing 138

Phishing Accountability Hacking Cybersecurity 138

The Last Watchdog

SEPTEMBER 7, 2022

Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes. Likewise, lookalike and spoofed web domains and well-crafted phishing emails now easily trick employees into thinking they’re dealing with trustworthy sources.

Ransomware 124

Ransomware Education Financial Services Phishing 124

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. ransomware and phishing scams).

Ransomware 119

Ransomware DDOS Backups Passwords 119

CyberSecurity Insiders

MAY 24, 2023

Website impersonation (also known as “brandjacking”) draws users to fraudulent copies of a brand’s website to trick them into revealing personal and financial account information used to steal their identities and funds. Memcyco is trusted by leaders in financial services, eCommerce and other industries.

eCommerce 94

eCommerce Artificial Intelligence Scams Financial Services 94

Security Affairs

MARCH 24, 2021

Forex trading may be dominated by banks and global financial services but, thanks to the Internet, the average person can today dabble directly in forex, securities and commodities trading. The personal identifiable information (PII) exposed by the leak could be used in fraudulent authentication across other platforms.

Passwords 137

Passwords Accountability Identity Theft Media 137

Dark Reading

DECEMBER 18, 2012

The recent article, “$850 Million Scheme Exploited Facebook: Authentication, Secure Browsing Would Have Reduced Losses,” illustrates just how important customer authentication is. Within the next two to five years, we will see stronger authentication everywhere, because the banks are going to get sick of the losses.”.

Banking 40

Banking Authentication Risk Identity Theft 40