Published by Jessica Weisman-Pitts
Posted on February 17, 2023
5 min readLast updated: February 2, 2026
Add as preferred source on Google
By Richard Cahill, Regional Leader, CSC Digital Brand Services
Banking and financial services industries are known for being at the forefront of cyber protection and innovation. Yet they are also among the most targeted by phishing attacks, social engineering, CEO fraud and business email compromise (BEC) due to the sheer number of clients and financial data they own. According to the Carnegie Endowment International Peace, cyber risks to banking and financial industries have grown in recent years and is becoming more frequent, sophisticated, and destructive. As cyber risks continue to increase, these institutions face greater challenges in quantifying them and addressing their capacity for harm.
One area of cybersecurity that banking and financial industries continue to struggle with is domain security. Web domains are a crucial part of any businesses’ operations, supporting client facing websites, organizations email, client or supplier portals, and much more. But like anything else that’s critical to an organization, they are also a key piece of the external attack surface that companies need to protect. Whether it be typosquatting, lookalike domain attacks, or phishing/malware campaigns, bad actors will find ways to conduct cyberattacks and take advantage of these assets.
Over the last three years, we have been reporting on the domain security posture of the Forbes Global 2000 companies annually. One of the key findings from this year’s 2022 Domain Security Report, captured in the chart below, was that Banking was the top industry being targeted with fake domain registrations, followed closely by Diversified Financial companies tied for the 5th spot.
One of the key findings in this report is that out of all of the Global 2000 companies, over 75% of homoglyph domains are owned by third parties. And of those domains owned by third parties (not owned by the brand owner) that are online for malicious purposes, 14.6% of these domains are targeting the Banking and Diversified Financial companies alone – a high percentage given the number of industry classifications within the Global 2000.
Additionally, the report provided domain security scores to showcase top companies or industries with domain security best practices and protocols deployed. Further analyses of the report’s data showed in the chart below that Banking and Financial Services industries ranked in the middle of all industries for deploying security measures that can prevent domain or DNS attacks from happening.
Overall, from the report, we’re seeing some organizations becoming more secure, but there is still a portion of companies with considerable domain security risk. This year’s report reveals that 75 percent of the Global 2000 companies and their brands are being e maliciously registered as fake domains by third parties, as they fail to implement key domain security measures.
Many governing bodies have begun to focus on domain security, including the UK National Cybersecurity Center, and the Central Digital and Data Office, which offers a list of best practices. Below are four key steps a bank or financial institution can take to safeguard their domains and brands from online abuse and fraud:
Eliminate third-party risk by assessing your domain registrar’s security, technology, and processes along with your company’s domain name system (DNS) management provider. Be sure to also identify and secure vital domain names, DNS, and digital certificates.
Register domains that could be high-value targets related to your brands and make sure you identify domain and DNS spoofing tactics as well. It is also important to identify trademarks and copyright abuse on web content, online marketplaces, social media and apps.
To reduce the risk to your organization, it is vital to use phishing monitoring and a fraud-blocking network of browsers, partners, ISPs, and security information and event management systems. We also recommend using a range of technical and legal approaches for enforcement including takedowns and worldwide fraud blocking networks to mitigate these online scam sites by having an enforcement provider ‘on standby.’
The following issues are often common with consumer-grade domain registrars:
The risk of a bank or financial institution not addressing their domain security can be catastrophic. Domains that are not protected pose a significant threat to cybersecurity posture, data protection, consumer safety, intellectual property, supply chains, revenue, and reputation. We can expect awareness of these issues to grow, and for cyber insurance providers to start holding clients accountable for the quality and rigor of their domain defense strategies and approaches.
In today’s world, artificial intelligence (AI) will significantly increase cybercriminals’ skillsets when launching attacks so defense tools need to be as smart as the technologies used by bad actors. With innovations such as ChatGPT, the best course of action to protect banks and financial institutions is to continue to elevate the awareness of these threats and share best practices, so that organizations can improve their domain security posture and safeguard their domains and brands from online abuse and fraud.
Phishing is a cyberattack method where attackers impersonate legitimate organizations to trick individuals into revealing sensitive information, such as passwords or credit card numbers.
Business email compromise (BEC) is a type of cybercrime where attackers gain access to a business email account and use it to conduct fraudulent activities, often leading to financial losses.
Social engineering is a manipulation technique that exploits human psychology to gain confidential information, often used in cyberattacks to trick individuals into breaking security protocols.
A cyber risk is the potential for loss or harm related to technical infrastructure or the use of technology within an organization, often due to cyberattacks or data breaches.
Explore more articles in the Technology category
