"Capital One Phish Showcases Growing Bank-Brand Targeting Trend"

Security researchers at Vade have discovered a recent phishing campaign exploiting Capital One's new partnership with verification service Authentify, sending thousands of scam emails to the bank's customers to try and trick them into uploading images of their identification cards. The emails appear to be sent from a Capital One corporate account and explain what the Authentify authentication app does. The researchers have been tracing this campaign since July 1st. To provide an idea of the volume of scam emails being launched at customers, the researchers reported that, at one point, the attackers sent out at least 6,000 in one day. The email states that you are required to provide any copy of your ID for verification and to ensure that you are fully enrolled to avoid account restrictions. The researchers noted that unlike most other campaigns targeting credentials, this Capital One phishing scam was after identities. The researchers stated that the timing of the campaign shows cybercriminals are acutely aware of news items they can use to help sell their latest scams to victims. The researchers noted that on the same day Capital One announced it would be working with Authentify, six other financial organizations, including Bank of America, PNC Bank, Wells Fargo, and other household brands, announced similar deals. The researchers stated that currently, financial services brands are the most spoofed, making up a full 34% of all phishing URLs during the first quarter of 2022. The researchers stated that they anticipate this trend to continue and urge users to be suspicious of both emails from financial institutions and also third-party applications associated with those institutions.  

Dark Reading reports: "Capital One Phish Showcases Growing Bank-Brand Targeting Trend"