REPORT: Regional banks, credit unions under attack by online brand impersonations in 2022

In Q1 2022 alone, an analysis of 3.6 billion websites found 1 in 5 credit union and regional bank brands targeted by an average of 5 brand impersonation attacks

BOSTON, MASSACHUSETTS (June 23, 2022) — Allure Security – the fastest, most accurate online brand protection solution – today unveiled its “2022 Threat Brief: Credit Union and Regional Bank Brands Under Attack” revealing that scammers have put these institutions and their patrons in their crosshairs. Online brand impersonation attacks involve fraudsters publishing a website, social media account, or mobile app that imitates a brand’s imagery and messaging to trick consumers into divulging banking credentials, payment details, and more.

“The world already knows that major financial institutions find themselves within cybercriminals’ sights, but adversaries increasingly target regional banks and credit unions with online brand impersonation attacks as well,” said Allure Security CEO Josh Shaul. “Fortunately, technology has advanced so these attacks can be stopped more quickly, effectively, and economically than old-fashioned or manual methods such as domain monitoring or iterating on permutations of a brand’s domain name.”

Allure Security’s AI-powered detection engine evaluates more than 40 million websites daily for brand abuse. This report surfaces insights from that data, isolating regional bank and credit union brands, for the quarter ending March 31, 2022:

  • In just the first 90 days of 2022, 164 regional bank and credit union brands in the sample experienced 870 online brand impersonation attacks – The study provides a snapshot in time of a mere sample of the population of such attacks, suggesting a far more extensive problem.
  • Common domain monitoring methods FAILED to identify 69% of these attacks – Using the same data sample to pit domain monitoring against AI-powered online brand protection-as-a-service exposed domain monitoring as mostly ineffective.
  • Domain monitoring required evaluating more than 18 thousand websites and up to 302 person hours to find a single online brand impersonation – Not only is domain monitoring alone insufficient, it’s also absurdly resource-intensive.

To download a complimentary copy of the full 2022 Threat Brief, visit:

About Allure Security

Allure Security protects brands by finding and stopping online brand impersonation attacks before customers fall victim. Our patented, artificial intelligence-powered engine finds more spoofed websites, social media accounts, and mobile apps more quickly and with greater accuracy than legacy approaches. Our unique, multi-pronged approach to response – blocklisting, decoy data, and takedown – significantly reduces the lifespan of a scam and the damage it can do.


Sam Bakken

More News