Capital One Phish Showcases Growing Bank-Brand Targeting Trend

Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines and take advantage.


A recent phishing campaign exploits Capital One's new partnership with verification service Authentify, sending thousands of scam emails to the bank's customers to try to trick them into uploading images of their identification cards.

The emails appear to be sent from a Capital One corporate account, and explain what the Authentify authentication app does, according to researchers at Vade who have been tracking the campaign since July 1. To provide an idea of the volume of scam emails being launched at customers, Vade reported that, at one point, the attackers sent out at least 6,000 in one day. 

"You are required to provide any copy of your ID for verification and to ensure that you are fully enrolled to avoid account restrictions now," the phishing email read. 

Vade noted that, unlike most other campaigns targeting credentials, this Capital One phishing scam was after identities. 

Phishers Watch the News

The timing of the campaign shows cybercriminals are acutely aware of news items they can use to help sell their latest scams to victims, the Vade report said, adding that on the same day Capital One announced it would be working with Authentify, six other financial organizations, including Bank of America, PNC Bank, Wells Fargo, and other household brands, announced similar deals. 

These phishing attacks represent a larger trend of threat actors co-opting financial services brands to use as phishing lures for their cybercrimes, Vade added. Currently, financial services brands are the most spoofed, making up a full 34% of all phishing URLs during the first quarter of 2022, according to Vade's analysis.

"We anticipate this trend to continue and urge users to be suspicious of both emails from financial institutions and also third-party applications associated with those institutions," read the report. "Always operate under the assumption that both can be spoofed and always login to accounts directly from a browser or application and not from email."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.
