New banking scam: Warning for Bank of America, Citi and Wells Fargo customers

July 29, 2022

By Kim Komando

Cybercriminals often scour a website’s code, figuring out how to infiltrate the data. When they discover vulnerabilities or security weaknesses, they launch attacks with devastating consequences. Tap or click here to see how the personal details of 5.4M Twitter users leaked.

Other times, hackers take a back seat to the action. Instead, they sell their tools to other criminals who use them to commit cybercrimes. Taking a page from legitimate companies, hackers promote their wares as Malware as a Service (MaaS). But a new twist that includes phishing is now here.

Read on for the latest cybercrimes against banks using PhaaS and what you can do about it.

Here’s the backstory

Software as a service (SaaS) is a legit business model. Popular SaaS products include productivity tools such as Trello and Slack. In addition, Microsoft’s Office 365, Adobe Creative Cloud and Google Workspace are all seen as software as a service.

Regarding cybercrime, a relatively new tool is Phishing as a Service (PhaaS), where hackers sell their phishing software to criminals for a monthly fee. Unfortunately, one of these PhaaS attacks is rampant in the U.S., targeting Citibank, Bank of America, Capital One, and Wells Fargo customers.

According to the cybersecurity company IronNet, “Robin Banks is a ready-made phishing kit aiming to gain access to the financial information of individuals residing in the U.S., as well as the U.K., Canada, and Australia.”

A phishing scam is when criminals send text messages or emails to potential victims hoping to trick them into handing over their banking information. The emails are often designed to mimic authentic banking communications but contain malicious links or attachments.

Once clicked, it takes you to a spoofed website where you must enter your banking credentials. But once you do so, the website captures your information and drains your account.

Hackers can even tweak Robin Banks to steal Google, Microsoft, or other online account information. However, the most worrying aspect of the software is not what it can do but that it’s relatively affordable.

According to IronNet, “single pages, which include any future updates and 24/7 support, run for $50 per month. Full access, which provides access to all pages, costs $200/month.”

What you can do about phishing scams

Phishing attacks have severe consequences. But you can take steps to protect yourself. Here are a few security tips:

Keep reading

New report: Half of every phishing attempt worldwide impersonates this brand

This data-stealing phishing attack is a triple malware threat

https://www.komando.com/news/bank-phishing-scam/