No banking entity, especially in corporate banking, can run today without a website and an email system. For cybercriminals, this has always been an opportunity to swindle users through phishing.
Recently, corporate banking technology has been fighting back with the .bank domain.
Corporate Banking and Phishing
Be it commercial or corporate banking, the news is full of users falling victim to phishing and having their money siphoned off. According to Vade Secure, a tech firm specializing in cyber threat detection, bank users made up around 35% of the top 25 list of corporations cybercriminals preferred to phish last year.
From just a couple of hundred dollars to thousands, even millions, online bad actors are always attracted to financial institutions. The bigger the bank, the more prone it is to attacks. Phishing is also becoming more complex, as the nefarious teams have started to mimic bank websites so well that a fake can be hard to distinguish from the real one.
One such example is the discovery of a Citibank clone a couple of years back. It was so well done that it was extremely difficult to know if it was real or fake, even down to the smallest detail, including OTP request generation and issuance.
Banks are Finally Fighting Back
In the latest corporate banking technology news, financial institutions finally seem to have had enough and are working to end phishing once and for all.
The solution? ICANN and fTLD banded together to create the .bank domain. The Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that controls and issues domain naming systems. It has given fTLD, a registry service for banks and other financial institutions, the authority to issue .bank domains to, well, banks.
Astounding as this corporate banking technology news may be, the reality is that banks are only starting to realize its importance. The .bank domain has been available since 2014, and while fTLD pushed for a global adoption campaign, a total of 2200 have registered their banking domain, with only 745 using it, some even as a secondary domain that just redirects to their original one.
But What is Phishing?
Phishing is a common method of tricking users into thinking that they are on the original website or webpage. It extends to emails as well.
Over the years, the sophistication has increased a lot. Cloning a webpage, or crafting an email so that it seems to come from the bank, is honestly not that difficult. All it takes is an experienced web developer for the webpages and the ability to write a compelling email. The fake .com domain itself can cost as little as $20 to register.
By registering domains that are very close to the original, the bad actors can pass off their efforts as genuine. An extra “i”, or the letter “a” replaced with “e”, in the fake domain is all they need. Users normally just scan the URL, and it is human nature to skip over the subtle differences.
The end result is that users enter sensitive information such as bank account numbers and passwords, thinking that they are logging in to their bank, but the fake domain simply passes it on to the scammers, who now have access to the real account and all the money inside.
Most phishing victims never realize what has happened until they receive a call from the bank about bounced checks or until their cards are declined. By then it is a little too late.
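The lookalike domains described above (one added or swapped letter) can be flagged mechanically by measuring how many single-character edits separate a hostname from a bank's real domain. The following Python check is an added example, not part of the original article; the protected name examplebank and every sample hostname are constructed, and it assumes single-label TLDs such as .com or .bank.

```python
# Added example: flag hostnames whose name is one edit away from a protected one.
# PROTECTED and the sample hostnames are constructed for illustration.
PROTECTED = {"examplebank.com", "examplebank.bank"}  # hypothetical real domains


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_host(host: str) -> tuple[str, str]:
    """Return (name, tld); assumes a single-label TLD such as .com or .bank."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(host: str, max_edits: int = 1) -> str:
    name, tld = split_host(host)
    if f"{name}.{tld}" in PROTECTED:
        return "legitimate"              # exact match, including subdomains
    closest = min(edit_distance(name, split_host(p)[0]) for p in PROTECTED)
    if closest == 0:
        return "same-name-other-tld"     # right name, unexpected TLD
    if closest <= max_edits:
        return "lookalike"               # e.g. extra "i" or "a" -> "e"
    return "unrelated"


if __name__ == "__main__":
    for h in ("examplebank.com", "exampleibank.com", "exemplebank.com",
              "examplebank.net", "login.examplebank.bank", "weather.com"):
        print(f"{h:26} {classify(h)}")
```

The check only compares the label directly before the TLD, so a protected name buried in a longer hostname's subdomain labels is outside what it covers.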
.bank Puts a Stop to Phishing
fTLD, as the organization responsible for assigning the .bank domain to financial institutions, is an extremely effective deterrent to phishing attacks.
With only registered and approved banks able to register a domain under this naming system, phishers and other bad actors trying to pass off emails or webpages as genuine bank ones will find it impossible.
Banks are now increasingly adopting the .bank domain and shifting over to it. While the transition takes time and is not as easy as flicking a switch, the shift has shown its effectiveness.
Indeed, one US bank has witnessed an immense decrease in phishing attacks. Excel Bank, under the umbrella registration of EH National Bank, shifted over to the domain 2 years back, and officials have said it has made their lives easier.
Though this doesn’t stop all phishing attacks, it is a major step towards combating the ever-increasing threat. With a proper marketing campaign that includes banners, emails and ads on all media, institutions deciding to shift to the .bank domain can maximize customer engagement and knowledge.