Hackers have been targeting three major banks in Hungary with a slew of phishing attempts, the National Bank of Hungary said on Tuesday (8 August). The country's central bank, however, did not name the financial institutions affected or specify any suspected entities behind the attacks.
The financial market regulator and a member of the European System of Central Banks (ESCB) said threat actors were targeting banking clients with phishing emails and text messages that asked account holders to confirm their security credentials.
The cloned websites used by hackers to try and trick account holders into disclosing their bank account details and login credentials also seemed to be more convincing than previous phishing attempts, the central bank noted. Rather than depending on translation software, these sites used grammatical Hungarian to trick a user into thinking the site is legitimate and secure.
However, it noted that no funds were lost due to the cyberattacks, which started in June.
In the wake of these phishing attacks, the affected banks are taking steps to bolster their security and deal with the issue. However, the central bank warned that other banks could be targeted soon by similar attacks as well.
The news comes as hackers increasingly target financial institutions across the globe using an array of cybertools including elaborate phishing scams to trick users into divulging their login credentials and personal information, various malicious malware and data-stealing Trojans and spoof websites among other techniques.
According to a recent study by PhishMe, 91% of targeted cyberattacks begin with a spear phishing email.
"Fear and urgency are a normal part of every day work for many users," the report reads. "Most employees are conscientious about losing their jobs due to poor performance and are often driven by deadlines, which leads them to be more susceptible to phishing."
Aaron Higbee, co-founder and CTO at PhishMe said: "Our analysis shows that continued exposure to simulations lowers the chance of an employee falling for a phishing email – the key being consistent exposure. Once employees are conditioned to identify phishing attacks, our data shows that reporting them to the IT Security team starts to outweigh organizational susceptibility. It only takes one employee to report a targeted attack to give incident response teams a chance to stop a potential data breach."