Attackers impersonate an American bank holding Capital One to steal identities rather than account credentials.
The ongoing phishing campaign exploits Capital One's recent partnership with an online verification service Authentify, cybersecurity company Vade said.
"Like other highly publicized partnerships, the Capital One/Authentify collaboration piqued interest from phishers, who are known to pay attention to the news cycle," Vade said. Authentify also works with Bank of America, PNC Bank, Truist, U.S. Bank, and Wells Fargo.
The fake email introduces the Authentify service and urges victims to upload their ID to start using it. Otherwise, the attackers threaten to restrict the account.
Phishing emails were sent from an IP address in India. The link redirects victims to a phishing page impersonating Capital One, asking them to upload their state-issued IDs front and back.
Fraudsters send up to 6,000 phishing emails daily, and the campaign is still ongoing.
Financial services are highly targeted by threat actors. During the first half of 2022, 34% of all phishing URLs impersonated financial institutions.
"We anticipate this trend to continue and urge users to be suspicious of both emails from financial institutions and also third-party applications associated with those institutions. Always operate under the assumption that both can be spoofed and always login to accounts directly from a browser or application and not from email," Vade said.
More from Cybernews:
Subscribe to our newsletter