Bank of America
  • Bank of America received 70 complaints of phishing impersonations last year, Wells Fargo received 68
  • Financial services in top 5 most target sectors by phishing attacks

Phishing is a type of cyberattack that uses email, SMS, phone, or social media to entice a victim to share personal information – such as passwords or account numbers – or to download a malicious file that will install viruses onto their device. 

In short, attackers “fish” for a victim by setting a hook and waiting for someone to take the bait. The financial sector is a lucrative target for phishing scammers as users can be more easily persuaded to give up sensitive personal information. 

But which financial organization is the most impersonated in the U.S and what does the public need to be most cautious of?  

To find out, the CrowdStrike data science team submitted an FOIA request to the Federal Trade Commission and asked for the number of phishing scams reported for the largest 50 brands and all U.S. federal agencies.   

According to the CrowdStrike study, Bank of America, one of the world’s leading financial institutions, received 70 complaints for phishing impersonations last year.  

This was closely followed by Wells Fargo, who received 68 complaints last year.

This is particularly concerning, given that Bank of America and Wells Fargo have over 66 million and 70 million customers respectively – these customers rely on their bank for discrete and secure service.  

Elsewhere, retail is the most targeted sector overall (1,335 incidents). Amazon was a big contributor to this and was the most impersonated organization across all sectors (1,262 incidents).  

This comes off the back of Amazon sales soaring as consumers switched to online shopping to protect their personal safety or for convenience while their local stores were forced shut.  

Phishing, as an attack method, is nothing new – it goes back to the mid-1990s when criminals first began stealing passwords from an early online-services website America Online, now known as AOL.  

But the scale of the phishing phenomenon is new. Recently released FBI data shows phishing is now the most popular attack method used by cyber criminals in the U.S., totaling 241,342 victims in 2020 alone. That’s 814 percent more victims than in 2018. 

The 2021 CrowdStrike Global Threat Report put this down to, in part, COVID-19 which has given cyber criminals a unique opportunity to use social engineering techniques to exploit our basic human emotions like greed, curiosity, fear and the desire to help. All of which have been heightened during the pandemic.