Nearly 2000 Potential Phishing Domains Registered From January to June

Focused on Tricking Customers of World’s 50 Largest Banks

VIENNA, VA, August 14, 2019 – Cybercriminals continue to use phishing to lure bank customers and steal personal and financial information, according to new research from Black Kite, the only provider of standards-based external cyber risk assessment and mitigation recommendations.

An investigation of the 50 largest global banks found that more than 1900 potential phishing domains were registered in the first half of 2019. Designed to trick consumers into thinking they are doing business with a bank they already trust, hackers create websites that impersonate financial institutions and then steal sensitive information such as credit card and banking data that consumers openly share. Nearly one-third of all data breaches involve phishing, according to the 2019 Verizon DBIR Report.

Successful phishing campaigns use a website address that seems to be legitimate. Black Kite found that potential phishing domains increased by 14% in the first half of 2019 vs. the same time period in 2018.

Phishing remains one of the hardest cyber attacks to prevent as they become more sophisticated. The padlock icon on a browser address bar and the use of “https” in domain URl address indicates that a website domain has a valid SSL or TLS certificate and a certain level of security. However, 15% of potential phishing domains registered in the first half of 2019 had valid certificates, making it extremely difficult for consumers to determine a fake.

“Phishing continues to pose significant challenges to both banks and consumers. For banks, the inability to reduce phishing attacks posing a significant risk to brand reputation and consumer trust. For consumers, phishing can have significant financial repercussions,” said Mohamoud Jibrell, CEO of Black Kite. “Banks need to continually monitor domain registrations and focus on the most likely domains that may be used to trick customers.”

Black Kite offers a free “Potential Phishing Domain Search” that banks and consumers can use to investigate potential phishing domains impersonating banks. Users can simply enter a domain and receive a score to evaluate the likelihood that a website may or may not be used as a front for phishing.

Black Kite warns that more than 3,500 new phishing domains will be active by year’s end and hackers often like to lie in wait. Even if a domain is not used for an attack this year, it is at risk for activation in the future.

About Black Kite

Black Kite enables enterprises to assess, prioritize and address the third-party cyber risk of any company, anywhere within 60 seconds. Using easy-to-understand scorecards, we provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order. Black Kite provides the speed, standards, and substance needed to combat the newest risks and threats facing organizations today. 

Learn more at

Contact: Adam Benson, 202.999.9104, [email protected]