Phishing Attacks Surge in 2025, Impersonating Financial Institutions and Payment Platforms

• Spike in phishing: Recent reports indicate that campaigns targeting financial brands account for approximately a third of all phishing activity.
• Fake websites: Attackers exploit users' trust in widely used financial institutions and payment platforms.
• Impersonated brands: Among the exploited brands are PayPal, Venmo, Zelle, Payoneer, Visa, Mastercard, J.P. Morgan, Chase, and Santander.

A sharp increase in phishing attacks and similar scams is observed in 2025, as fraudsters are leveraging highly sophisticated email phishing techniques. Campaigns that impersonate payment platforms and financial institutions account for nearly 31% of all phishing activity, according to reports.

Email Scam Increases

Attacks targeting online payment platforms and financial institutions surged in Q1 2025, collectively accounting for 30.9% of all phishing activity, according to the BforeAI report, which cites reporting from the APWG. 

When it comes to Business Email Compromise (BEC) attacks, reported threats from spoofing, phishing, and BEC totaled over 214,850 in 2023, according to IC3. The Coalition’s 2025 Cyber Claims Report mentions that nearly 30% of BEC attacks involved funds transfer fraud (FTF).

BforeAI PreCrime Labs monitored 31 core financial services brands in banking, credit card companies, lenders, payment platforms, and more, over 3 months starting with April 2025 and observed 3,756 suspicious and newly registered domains, predominantly in the U.S., China, and the U.K.

Throughout this period, researchers say sophisticated BEC campaigns leveraged exploiting brand familiarity via typosquatted domains, AI-inclusive domain algorithms mimicking typical login pages, and search engine optimization (SEO) tactics.

The newly registered domains actively impersonated services such as PayPal, Visa, Monzo, Payoneer, and Cash App, as well as fake helpdesks and support centers, which involve Venmo, Zoho, and Skrill. Active spoofed domains lures included “Earn Free Cash offers, fake user login pages, loan and instant money transfer schemes, and travel card and gift card scams.

Some domain names combined the card provider Visa with banking institutions, including elements from Mastercard, J.P. Morgan, Chase, Santander, and others. 

In response to questions from TechNadu, BforeAI Security Analyst Rishika Desai confirmed that some spoofed domains observed during the study were already hosting active phishing content.

“Yes, we have observed spoofed domains hosting active content, luring victims under various themes,” Desai told TechNadu.

“Some of the most prominent were ‘Earn Free Cash’ offers, fake login pages, instant money transfers, and fake helpdesk scams. One of the newly registered domains was even used to distribute malicious applications.”

Desai also emphasized a key behavioral pattern among cybercriminals. “One of the key takeaways from this report is the leveraged use of recent news by cybercriminals to tailor their attacks and launch immediately,” she explained.

“Recently, we observed a surge in malicious domain registrations targeting J.P. Morgan and VISA, following their public announcement about expanding their operations in the European region.”

This targeted timing reveals how news-driven spikes in domain registrations can act as early indicators of coordinated BEC or phishing campaigns.

This email phishing spike relies on deceptive emails, often carrying urgent tones, crafted to impersonate trusted brands and direct recipients to phishing websites. The most recent example is a BEC scam leveraging fake Microsoft 365 login pages targeting aviation executives.

Strengthening Cybersecurity Awareness

To mitigate risks, emphasis on cybersecurity awareness is critical. The fight against phishing requires an informed and vigilant public, coupled with continuous advancements in cybersecurity technology, to safeguard sensitive digital assets from malicious exploitation.