The Canadian Imperial Bank of Commerce is one of the most commonly targeted brands used by cyberthieves in phishing attacks across North America, with a more than 600 per cent surge in fake email attempts in the third quarter, according to analysis by an email security firm.
Vade Secure’s research shows that during that period CIBC was the lone Canadian company among the top 25 brands used by cybercriminals trying to trick people into handing over their credentials and confidential data, according to the France-based company’s engine.
The Toronto-based bank was ranked 25th and used in an average of 5.3 new phishing links per day during the third quarter, an increase of more than 622 per cent from the previous quarter, the analysis showed.
The email security firm’s chief executive Adrien Gendre said each of these links, which typically mimic official webpages, can be sent to thousands of users.
It’s unclear what is behind the surge in phishing activity, but one factor could be CIBC’s launch of its Simplii Financial direct banking brand last year, Gendre said. When users are less familiar with what interactions to expect, they are easier to deceive with a fake email, he said.
“Every new service, it’s a good target for phishing... People will click more on it,” Gendre said.
Vade Secure, based in Lille, France, protects more than 500 million inboxes and its conclusions were based on the phishing attacks detected by its artificial-intelligence powered platform.
CIBC said “cybersecurity is an evolving space that we monitor closely.
“We have multiple layers of security in place and continuously invest to safeguard our clients,” spokesman Tom Wallis wrote in an emailed statement.
The email security firm’s analysis comes as Canadian banks continue ramp up their spending on technology, including cybersecurity defences, and months after BMO and Simplii said that thousands of customers may have had personal and financial data compromised.
In May, BMO said hackers contacted the bank claiming to be in possession of the personal data of fewer than 50,000 customers, and that the attack originated outside of Canada. At the same time, Simplii also warned that “fraudsters” may have accessed certain personal and account information for about 40,000 clients.