Phishing scam targeting Bank of America, Citi and Wells Fargo customers

Cybercriminals often scour a website’s code, figuring out how to hack into the data. When they discover security vulnerabilities or weaknesses, they launch attacks with devastating consequences. Tap or click here to see how 5.4 million Twitter users’ personal data was leaked.

Other times, hackers take a backseat to the action. Instead, they sell their tools to other criminals who use them to commit cybercrimes. Taking a page from legitimate companies, hackers promote their wares as malware as a service (MaaS). But now a new twist is here that involves phishing.

Read about the latest cybercrimes against banks using PhaaS and what you can do about it.

Here’s the backstory

Software as a Service (SaaS) is a legitimate business model. Popular SaaS products include productivity tools like Trello and Slack. Additionally, Microsoft’s Office 365, Adobe Creative Cloud, and Google Workspace are considered software-as-a-service.

When it comes to cybercrime, a relatively new tool is Phishing as a Service (PhaaS), where hackers sell their phishing software to criminals for a monthly fee. Unfortunately, one of these PhaaS attacks is widespread in the US, targeting customers of Citibank, Bank of America, Capital One and Wells Fargo.

According to cyber security company IronNet, “Robin Banks is a ready-made phishing kit that aims to gain access to the financial information of individuals residing in the United States, as well as the United Kingdom, Canada, and Australia.

A phishing scam is when criminals send text messages or emails to potential victims, hoping to trick them into handing over their banking information. Emails are often designed to mimic authentic banking communications, but contain malicious links or attachments.

Once clicked, it takes you to a fake website where you have to enter your bank credentials. But once you do, the website captures your information and drains your account.

Hackers can even set up Robin Banks to steal Google, Microsoft, or other online account information. However, the most concerning aspect of the software is not what it can do, but that it is relatively affordable.

According to IronNet, “single pages that include any future updates and 24/7 support run for $50 per month. Full Access, which provides access to all pages, costs $200/month.”

What you can do against phishing scams

Phishing attacks have severe consequences. But you can take steps to protect yourself. Here are some security tips:

• Never click on links you receive in unsolicited emails or text messages. They can be malicious and infect your device with malware.
• Do not open Word or Excel files attached to unsolicited emails. If you open one of these documents and it says you need to enable macros, close the file and delete it immediately.
• Keep your computer and mobile devices updated to the latest version. Operating system and application updates protect you from the latest threats and are your first line of defense against malware.
• Use two-factor authentication and password managers for better security. Tap or click here for details on 2FA.
• Always have a reliable antivirus program up to date and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for just $19 per ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

New Report: Half of all Phishing Attempts Globally Impersonate This Brand

This data-stealing phishing attack is a triple threat malware