In the vast expanse of the digital world, cybercriminals have perfected the art of deception to exploit human vulnerabilities. For threat actors, email is still the preferred method of attack. Among their most cunning tactics is phishing – a technique that uses fraudulent emails to lure individuals into divulging sensitive information.

A report by OpenText Cybersecurity examined more than 13 billion emails sent in 2022 and found that email threats are on the rise. Approximately 56% of emails were spam, phishing, and emails with attached malware. This is a 12.5% increase compared to the previous year. Of the 7.3 billion emails that had these threats, over 1 billion emails were phishing emails. Furthermore, the report found that there are phishing spikes at various times of the year. Holiday and tax seasons remain the most active times for URL phishing and fraud.

The Anatomy of Phishing Attacks

Phishing attacks are like modern-day Trojan horses, using emails that appear genuine to entice recipients into taking actions that compromise their security. Cybercriminals invest time in crafting deceptive emails with the following elements:

Most Popular Phishing Tactics

According to the report, these are the most popular phishing tactics that threat actors use to scam businesses.

Spear-Phishing & Business Email Compromise (BEC) Attacks

As noted above, cybercriminals tend to make emails more personalized and complex to deceive recipients. This is known as spear-phishing. In BEC attacks, cybercriminals use spear-phishing tactics to make recipients believe they are involved in a real business transaction, with the goal of obtaining the recipients’ financial account information. They do so by conducting extensive reconnaissance on their potential targets, drawing on company websites, LinkedIn, publicly disclosed financial information and similar sources to craft spear-phishing messages.

One popular BEC technique is to use a domain with a name that is very similar to that of a real and well-known company, or to create one or more email addresses that look similar to those of real employees. Furthermore, the email itself may look legitimate, with text, style and a logo similar to the organization’s standard email template.

‘Live Off The Land’ Attacks

An increasing number of phishing attacks leverage legitimate services, such as Google and Amazon Web Services, to fool users. Threat actors tend to use known and trusted URLs that redirect users to malicious sites or host the phishing payload itself.

Leverage Current Events

Threat actors like to use current events to pressure recipients into complying with their demands. For instance, threat actors can send a malicious email pretending to originate from the U.S. Internal Revenue Service (IRS) that contains a malicious file that will deliver malware. These messages also usually convey a sense of urgency, pushing recipients to make rushed decisions out of panic, confusion or worry.
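
For the lookalike-domain BEC technique described under Spear-Phishing & BEC above, a mail-filtering check can compare each sender domain against the domains an organization really deals with. The following is an added example, not taken from the OpenText report or from any TAFA product; the trusted domains, the confusables map and the distance threshold are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allowlist: domains the organization really does business with.
TRUSTED = {"contoso.com", "example-bank.com"}

# Small illustrative map of look-alike glyphs (assumption, not exhaustive).
# IDN domains are assumed to be already decoded from punycode to Unicode.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "а": "a", "е": "e", "о": "o", "і": "i"})

def skeleton(domain):
    """Fold a domain to a canonical form so visually similar names collide."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # strip accents
    d = d.translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")  # multi-letter look-alikes

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, trusted=TRUSTED, max_dist=2):
    """Return (verdict, matched_trusted_domain) for a From: header value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in trusted:
        return ("trusted", domain)
    sk = skeleton(domain)
    # Closest trusted domain after folding; sorted() keeps ties deterministic.
    best = min(sorted(trusted), key=lambda t: edit_distance(sk, skeleton(t)))
    dist = edit_distance(sk, skeleton(best))
    if dist == 0:
        return ("lookalike-homoglyph", best)  # identical once glyphs are folded
    if dist <= max_dist:
        return ("lookalike-typo", best)       # near miss: added/dropped letters
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers.
    for h in ["AP <ap@contoso.com>", "AP <ap@c0ntoso.com>",
              "Billing <pay@exarnple-bank.com>", "AP <ap@contosso.com>"]:
        print(h, "->", classify(h))
```

A fixed distance threshold produces false positives on very short domain names, so a verdict other than "trusted" is best treated as a reason to quarantine or banner the message rather than to drop it.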

Incorporate Technology That Recipients Find Reassuring

Internet users are familiar with CAPTCHA technologies as a security product or an extra verification step, i.e. having to choose the squares that contain photos of cars, traffic lights or bicycles. Threat actors now regularly integrate CAPTCHA technologies into phishing attacks to deceive users into thinking they are safe and that the site or page, which actually hosts threats, is legitimate.

One example is Truist, a financial corporation that was targeted by threat actors using this method. Victims were sent an email that had a hyperlink called “Finish To-Do List”. When they clicked on the link, victims were redirected to a page with a Truist-branded CAPTCHA, and also had to input their phone number. These steps added credibility to the link, but they also made victims’ phone numbers available for future mobile attacks. After inputting this information, victims were then taken to a Truist-branded credential-harvesting page where the threat actors stole their information.

Why Phishing Emails Get the Most Bites

Based on the above, we further explain why phishing emails are gaining in popularity, and why many still fall for phishing emails.

Staying Ahead: Strategies to Defend Against Phishing

These are some best practices that you can adopt to defend yourself and your organization against phishing attacks and stay safe online.

Takeaway

Phishing emails represent a strategic manipulation of human psychology in the digital realm. Their effectiveness lies in exploiting trust, urgency, and cognitive overload. However, knowledge is power, and by understanding the tactics used by cybercriminals, individuals and organizations can arm themselves against these deceitful attempts. Through education, awareness, and adopting cybersecurity best practices, we can take a proactive stance in thwarting phishing attacks and fortifying our digital landscapes. Remember, the next email might not be what it seems; always stay vigilant and question before you click.

Cyber Security For Organizations with TAFA

In the current cyber environment, organizations are facing increasingly sophisticated cyber threats. To protect against these threats, it is necessary to utilize cybersecurity solutions that can prevent zero-day and advanced cyber threats and also help ensure regulatory compliance. With our prevention-first and zero-trust approach to security using machine learning (ML) and artificial intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED