Capital One Phish Showcases Growing Bank-Brand Targeting Trend

Capital One lures leveraged the banks new partnership with Authentify, showing that phishers watch the headlines, and take advantage.

A recent phishing campaign exploits Capital Ones new partnership with verification service Authentify, sending thousands of scam emails to the banks customers to try and trick them into uploading images of their identification cards.
The emails appear to be sent from a
Capital One
corporate account, and explain what the Authentify authentication app does, according to researchers at Vade who have been tracking the campaign since July 1. To provide an idea of the volume of scam emails being launched at customers, Vade reported that, at one point, the attackers sent out at least 6,000 in one day.
You are required to provide any copy of your ID for verification and to ensure that you are fully enrolled to avoid account restrictions now, the phishing email read.
Vade noted that, unlike most other
campaigns targeting credentials
, this Capital One phishing scam was after identities.
The timing of the campaign shows cybercriminals are acutely aware of news items they can use to help sell their latest scams to victims, the
Vade report
said, adding that on the same day Capital One announced it would be working with Authentify, six other financial organizations, including Bank of America, PNC Bank, Wells Fargo, and other household brands, announced similar deals.
These phishing attacks represent a larger trend of threat actors co-opting financial services brands to use as phishing lures for the cybercrimes, Vade added. Currently, financial services brands are the most spoofed, making up a full 34% of all phishing URLs during the first quarter of 2022, according to Vades analysis.
We anticipate this trend to continue and urge users to be suspicious of both emails from financial institutions and also third-party applications associated with those institutions, read the report. Always operate under the assumption that both can be spoofed and always login to accounts directly from a browser or application and not from email.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Capital One Phish Showcases Growing Bank-Brand Targeting Trend