Over 90% of cyberattacks start with phishing. Banking has remained one of the most phished industries for decades, yet most banks still operate in publicly available, unrestricted domains (e.g., .com, .net). These domains enable bad actors to easily obtain lookalike domains to execute phishing and spoofing attacks that lead to breaches, ransomware, identity theft, and financial fraud.
Banks must move from easily abused domains to limit their exposure to cyberattacks.
Banks are going digital to enhance their services and to address customer demand for online banking. These shifts make it increasingly critical that customers can easily authenticate online engagements with the bank vs phishing emails and spoofed sites created by hackers.
Customers must be able to recognize and trust banks’ digital tools as they do brick-and-mortar branches.
The .BANK domain, gated exclusively for banks, prevents bad actors from obtaining lookalike domains making it easy for anyone to immediately identify bank emails and websites versus phishing and spoofing attacks. A .BANK domain creates verifiable websites and emails that are prepared for digital banking products and services where banks provide actionable financial guidance, and customers share additional personal and/or financial information. Employees, vendors, and customers simply “Look for the .BANK” to help prevent breaches, ransomware, identity theft, and financial fraud in day-to-day interactions.
What customers should know about .BANK: If your bank has moved to .BANK, it has prioritized and enhanced its cybersecurity against phishing and spoofing, the leading causes of breaches, identity theft and financial fraud. A .BANK domain is like ‘.gov’ and ‘.edu’, but for the banking sector. By looking for .BANK at the end of an email address or website URL you can confirm they are authentically from a bank helping protect you from cyberattacks that steal personal information or login credentials. Our ‘Pioneers’ badge recognizes the banks who have added this important layer of cybersecurity.