The number of phishing attacks on nationwide banks, long on the decline, suddenly surged in March and April, according to the RSA Anti-Fraud Command Center.
According to the center's May online fraud report, large U.S. banks made up 61% of the financial brands in the U.S. targeted by phishing in April, up from 57% in March and a dramatic increase from 28% in February. By comparison, regional banks made up 35% of the financial brands hit by phishers in April, a sharp drop from 60% in February.
For the past few years, the share of phishing attacks against banks whose markets span the U.S. had been on the decline as the banks implemented systems to thwart phishers and customers became more aware of the attacks, Uri Rivner, head of new consumer identity protection technologies at RSA, the security division of EMC, wrote in a blog post about the phishing attack trend. Attackers then set their sights on the smaller targets of regional banks and credit unions, he said.
Rivner noted that many smaller financial institutions have now implemented defenses that deflect phishing attacks.
"So if all banks are more or less equally protected in their online channel, maybe it's time for the fraudsters to move elsewhere," he said. "They want to collect as much information as possible in phishing so they can hit other bank channels (such as the phone channel), utilize more data for identity theft, or spread Trojans by taking over email accounts and social network accounts."
One of the top 10 U.S. bank brands had 1,218 phishing attacks in April, up from just seven in February, Rivner reported. A total of 30 nationwide banks were attacked in April compared to 13 in February.