Between November 2017 to April 2019, threat actors carried out 3.5 billion malicious login attempts as part of credential stuffing attacks, in which credentials exposed in a data breach at one firm are used to gain access to accounts at another company. Akamai also identified close to 200,000 phishing domains between 2018 and 2019, half of which related to the financial services industry, with 66% of them targeting customers.
Martin McKeay of Akamai warns that “a whole economy [is] developing to target financial services organizations and their consumers,” with attackers using credential stuffing and phishing to compromise user accounts, which are then sold on dark web market places.
Read more: Capital One is not alone: 3.5B malicious login attacks target banks and customers