
Microsoft, American Express most spoofed brands in financial services phishing emails

Technology giant Microsoft and multinational banking firm American Express are the most spoofed companies in phishing emails targeting financial services. That’s according to the 2023 Financial Services Sector Threat Landscape report by Trustwave SpiderLabs, which examines a multitude of threats faced by the financial services industry. The report cited phishing and email-borne malware as the most exploited methods for gaining an initial foothold into organizations, with Trustwave SpiderLabs observing “interesting developments” in the delivery methods, techniques, themes, and targeted brands of attacks on financial services in the last year. Such developments have contributed to the continuing relevance and effectiveness of these types of attacks, according to the report.

Financial services are increasingly coming into the crosshairs of cybercriminals. Recent research from Akamai discovered a surge in web application and application programming interface (API) attacks targeting the global financial services industry. These attacks grew by 65% in Q2 2023 compared to Q2 2022, accounting for 9 billion attacks in 18 months with banks bearing the brunt, according to the vendor’s High Stakes of Innovation: Attack Trends in Financial Services report. The research also found that the financial services sector is now the top vertical for DDoS attacks, with the EMEA region accounting for 63.5% of global DDoS events.

HTML files most common malicious attachments

Data from Trustwave SpiderLabs’ financial services client base indicated that HTML files are the most common malicious attachments in emails, making up 78% of all malicious attachments assessed, according to the report. These are mainly used for credential phishing, redirectors, and HTML smuggling, with 33% of HTML files employing obfuscation as a means of defense evasion, it added.

Aside from HTML, Trustwave SpiderLabs observed executables as the next most prevalent type of malicious attachment, accounting for 14%. Information stealing malware such as Gootloader, XLoader, Lokibot, Formbook, and Snake Keylogger were among the most spotted attachments, while Agent Tesla (RAT) was also detected in the dataset. Attackers’ use of PDFs (3%), Excel (2%), and Word documents (1%) was sparse in comparison, according to the report.

Voicemail notifications, payment receipts, purchase orders, remittances, bank deposits, and quotation requests were the most common themes in malicious attachment emails, with American Express (24%), DHL (21%), and Microsoft (15%) the brands most spoofed.

The most prevalent, non-malicious attachment phishing themes cited in the report include “Urgent Action” messages, mailbox-related alerts, document sharing, e-signing, account-related alerts, missed communications, meeting-related notifications, and payment/invoice-related alerts. The brands most spoofed in these types of attacks are Microsoft (52%), DocuSign (10%), and American Express (8%). As for business email compromise (BEC), “Payroll Diversion” is the most used theme at 48% with “Request for Contact” and “Task” at 23% and 13%, respectively.
