Financial institutions are “top targets” for phishing attacks, accounting for more than half of all phishing attacks globally, according to a new report by the U.K. cybersecurity consulting firm Red Sift.
Many banks remain vulnerable to phishing attacks because of weak enforcement of Domain-based Message Authentication, Reporting and Conformance (DMARC), according to the report. To study the issue, the firm examined DMARC data from 510 of the largest U.S. banks. It found that only 42% of banks enforce a “p=reject” policy, in which unauthenticated emails are automatically rejected. Only about 19% of banks enforced “p=quarantine,” in which questionable emails are quarantined.
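As an added illustration (not from the Red Sift report or the original article), the sketch below parses a DMARC TXT record using the RFC 7489 tags and reports its enforcement level, along with two caveats a bare `p=` value hides: a `pct` below 100 and a weaker `sp` subdomain policy. The function names and sample records are constructed for this example.

```python
from collections import Counter
RANK = {"none": 0, "quarantine": 1, "reject": 2}  # policy strength order

def parse_dmarc(record):
    """Split 'tag=value; ...' into a dict; ValueError if not a DMARC1 record."""
    tags, order = {}, []
    for part in record.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name = name.strip().lower()
        order.append(name)
        tags.setdefault(name, value.strip())  # first occurrence wins
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    return tags

def classify(record):
    """Return the enforcement level plus caveats that weaken it."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return {"level": "invalid", "notes": [str(exc)]}
    policy = tags.get("p", "").lower()
    if policy not in RANK:
        return {"level": "invalid", "notes": ["missing or unknown p= tag"]}
    notes = []
    raw = tags.get("pct", "100")
    pct = int(raw) if raw.isdecimal() and int(raw) <= 100 else 100  # bad value -> default
    if pct < 100 and policy != "none":
        notes.append(f"policy applied to only {pct}% of failing mail")
    sp = tags.get("sp", policy).lower()  # sp defaults to p when absent
    if sp in RANK and RANK[sp] < RANK[policy]:
        notes.append(f"subdomains weaker: sp={sp}")
    return {"level": policy, "notes": notes}

def summarize(records):
    """Count records per enforcement level."""
    return dict(Counter(classify(r)["level"] for r in records))

# Constructed sample records (not data from the report).
SAMPLES = [
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
    "v=DMARC1; p=reject; sp=none",
    "v=spf1 -all",
]
```

A record is published as a TXT entry at `_dmarc.<domain>`; pass its text to `classify()` to see whether the domain is at `none`, `quarantine` or `reject` and whether any caveat applies.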
The firm said phishing continues to surge, with the international Anti-Phishing Working Group recording 989,123 attacks in the fourth quarter of 2024, the highest quarterly volume ever. “Generative AI has only sharpened the threat: polished, typo-free messages generated by large language models erase the telltale signs consumers were trained to spot,” according to the report.











