As services become increasingly digitalized cybercrime has also become more common. One of its most successful forms is phishing where the attacker tries to fish some sensitive information from the target, such as payment information (Desolda, 2021). Phishing is often disguised to look alike well-known organizations. However, the difference between the phishing scams and the organizations used in these can become blurred in the minds of consumers. This idea is linked to the spillover effect, where the associations of two interconnected concepts may spread to each other (Collins & Loftus, 1975; Wang & Korschun, 2015). Brand image is also built through consumers' perceptions and experiences, which is why it is prone to change (Srivastava & Shocker, 1991; Aaker, 1996). When cybercriminals use organizations to disguise their phishing attacks, it can be pondered if the negative associations formed in phishing experiences can spill over the target organization's brand or place its communication in a more vulnerable position. The purpose of this study is to expand the understanding of the meaning of phishing attacks performed in the name of the organization for its brand. The goal is to inspect the changes of young consumers’ attitudes towards banking sector brands, in the name of which they have faced phishing. The research also aims to inspect what role the organization's communication plays in phishing cases and whether these make the organization's communication more vulnerable. According to this study the clearest meaning of phishing for the organization's brand is in its association changes, where the trust is emphasized. However, association changes can be positive or negative. The organization's own communication activities and the customer experience of phishing damage situations play a significant role in the formation of associations. Phishing can also put the target organization's own communication in a more vulnerable position, which highlights the increased mistrust of communication through personal channels. However, young citizens expect organizations to communicate to their stakeholders about phishing on the organization’s own channels. To protect their brand, organizations should include phishing attacks as part of issues management, whose communications should focus on spreading awareness of phishing attacks and provide guidance on how to protect against them.