Spammers Get Better at Impersonating Banking Services, Use Lingo and Legit Layouts to Con Victims

E-mail-based attacks mimicking well-known financial institutions and online payment services have surged over the Halloween and Black Friday season, as cybercriminals continue to leverage restrictions brought on by the pandemic.

Although coronavirus-related email messages dominated phishing campaigns throughout the year, the uptick in digital transactions, online shopping and the online management of individual finances have created given cybercriminals new advantages.

A series of phishing campaigns posing as online banking services marred the second half of 2020, according to the Bitdefender Antispam Lab:

  • September 20 – 38.08% of all incoming emails relating to banks and financial services was marked as spam
  • October 25 – nearly 6 in 10 emails (58.84%) relating to the banking industry were fraudulent
  • November 29 – 30.7% of all received emails appearing to come from popular financial institutions was spam

Many of the fraudulent emails mimic legit correspondence sent by actual banks. They contain real logos, specific layouts and even industry lingo, making it harder for recipients to notice the red flags, especially when accessing the message from a phone or tablet.

However, most of the spam messages transmit a sense of urgency, asking users to quickly either share personal or financial information, download a document or attachment, or click on links to resolve a security issue.

Here are some of the most significant spam and malspam campaigns leveraging customers of prominent financial institutions in the past two months:

Standard Bank

Customers of the South African bank were targeted in three major spam campaigns between October and November 2020. On October 7, 97.76% of incoming correspondence claiming to be from Standard Bank was fraudulent. Additional campaigns were picked up on November 26-27, when 87.96% and 90.64% of the correspondence was marked as spam.

Sample 1. Standard Bank phishing email

Sample 2. Standard Bank phishing email

Bank of America

Bank of America customers were targeted by scammers in a significant phishing campaign on October 17, when nearly 5 in 10 emails (48.54%) posing as legitimate correspondence from the bank were flagged as fraudulent.

In one phishing scenario, customers receive a security alert from the bank, which prompts them to verify their account and prevent unauthorized access to their online profile. Users can easily fall for this ruse, since many online companies have engaged in additional security measures and tools to prevent data breaches and restrict access to personal and financial information of customers throughout the year.

In a separate version of the scam, customers receive a message alerting them that their debit card has been deactivated due to an undisclosed number of transactions. After setting the bait, users are asked to follow a link and enter their account and card information to reactivate it.

Sample 3. Bank of America phishing email

Sample 4. Bank of America phishing email

Sample 5. Bank of America Phishing email


A three-day spam campaign targeted HSBC Bank customers on November 26-28 (Black Friday weekend), when more than 97% of all incoming emails indicating they were from the British multinational banking and financial services organization were malicious or fraudulent in nature.

In two versions of the scam, cybercriminals tempt users to download attachments containing information on a wire transfer. By accessing the document, recipients infect their device with info-stealing Trojans and ransomware.

Sample 6. HSBC phishing email

Sample 7. HSBC phishing email

Wells Fargo

Wells Fargo customers were also targeted by cyber-crooks in a significant phishing campaign on October 13. According to Bitdefender Antispam Lab, 93.11% of all emails claiming to be from the US financial organization were flagged as fraudulent.

Below is another example of how fraudsters use social engineering to trick users into believing their bank account is locked. While the logo and content of the message may seem legit, a closer look at the sender’s email address confirms that the email is not sent from the actual bank.

Sample 8. Wells Fargo phishing email

Sample 9. Wells Fargo phishing email

La Banque Postale

A noteworthy phishing campaign targeting La Banque Postale customers was noticed on November 18, when 97.69% of all incoming emails associated with Parisian-based bank were marked as spam. The scammers attempt to trick recipients into accessing a link allowing them to listen to an important message received from the bank.

Sample 10. La Banque Postale phishing email

ANZ and NAB Banks

The names of Aussie financial entities such as Australia and New Zealand Banking Group Limited and National Australia Bank were also used to trick unsuspecting recipients into providing sensitive information.

Scammers sent out emails mimicking the ANZ Internet Banking service in an attempt to steal the login credentials of their account.

Cyberthieves impersonating the National Australia Bank sought to entice beneficiaries to provide personal identifiable information (PHI) such as their passport number and National ID number to receive a transfer of $15 million into an account of their choosing. The fraudsters claim that the users received a payment on behalf of the yearly Coca-Cola lottery, deposited the National Australia Bank until further notice.

Sample 11. ANZ phishing email

Sample 12. NAB phishing email


PayPal was the most mimicked brand in the online payments system services in H2 this year. A global phishing campaign hit Inboxes on October 21, when 8 in 10 emails (80.50%) were marked as fraudulent. All three versions of the scam, sent to English, French and Spanish users, notify recipients of suspicious activity in their PayPal accounts. Fraudsters claim that account use is restricted until customers log in and verify their identity. If recipients click on the Login button, they are re-directed to spoofed websites that steal their login information and compromise their PayPal accounts.

Sample 13. PayPal phishing email US

Sample 14. PayPal phishing email US

Sample 15. PayPal phishing email FR

Sample 16. PayPal phishing email ES

Sample 17. PayPal phishing email DE

Western Union

The famous name of international money transfer service Western Union was also leverage by scammers in two significant phishing campaigns, on October 18 and November 27. 97.39% and 75.12% of all incoming emails using the Western Union name were flagged as spam.

This time, however, users are lured with the possibility of winning a prize from Western Union. No additional information is provided in the body of the message. Recipients are told to download and open the document on their device, which urges them to provide personal information alongside a small fee to claim their prize.

Sample 18. Western Union phishing email

This past year has revealed that bad actors have honed their social engineering skills for maximum effect, tailoring their correspondence to fit every headline and the socio-economic environment shaped by the health crisis.

Every day, thousands of individuals fall for fraudulent emails from cybercriminals pretending to be a bank representative. On top of the financial loses that follow, users may also become victims of identity theft, and malware and ransomware infections that compromise their devices, privacy and well-being.