02:24 PM
Connect Directly

"Puddle Phishing" Hits Small Banks, Credit Unions

Phishers are baiting users of smaller banks, a security firm says, calling the practice "puddle phishing."

Phishers are baiting users of smaller banks, a security firm said Monday, calling the practice "puddle phishing."

"In the past, phishers focused on mainstream consumer sites with millions of users, but now the targets are becoming much smaller and more localized," said Dan Hubbard, senior director of security at Websense, in a statement. "By targeting a bank with just a few branches, the number of potential phishing prey is reduced to a much smaller number, sometimes to just a few thousand people. Nonetheless, the fact that we are seeing more and more of the smaller financial outlets being targeted by phishing attacks may indicate that this is a highly profitable scam."

San Diego, Calif.-based Websense has spotted more than 30 scams involving small-scale credit unions since the first of the year, Hubbard added, some of which have as few as 11 branches. One scheme targeted a credit union that serves employees and staff of the White House.

While the size of these targets may differ from mainstream phishing, the attack techniques are the same. "The style and dynamics are very similar on many of these recent puddle phishing attempts, which may mean that there is some tool sharing or a small amount of attackers behind this recent wave," said Hubbard.

And even though they're small, credit unions and local banks certainly fit the profile of phishing attack victims. In April, the most recent month for which there is data from the Anti-Phishing Working Group, 84 percent of the brands phished were from the financial services sector.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.