How Phishing Has Evolved in 2019

Phishing attacks deliver every kind of malware and ransomware, and what’s worse, these attacks are on the rise.

Starting in 2012, ransomware took the Internet by storm, thanks to the latest phishing techniques. Unsuspecting and unprepared users, both individuals and businesses, found their screens frozen, their data no longer their own, and the only chance of getting it back coming in the form of sending payment, usually with untraceable cryptocurrency, to the perpetrators of the crime.
The number of these attacks grew year after year, topping 181 million in just the first six months of 2018, a 229% increase over the same timeframe in 2017. From there, a funny thing happened. Security, user awareness, and organizational control started catching up with ransomware in the second half of 2018. By the end of December 2018, ransomware attacks had dropped 60% year over year.
Unfortunately, a decline in one form of malware tends to be cold comfort and hardly the end of the threat overall. Stymied in their attempts to use ransomware to rip users off, cybercriminals are turning back to the stratagem of phishing, one of the Internet’s oldest and most effective mechanisms of hacking. Using protective antivirus software for your machine is a must in this case.

The Phishing Surge of 2018

Between January and December 2018, Microsoft reported a 250% increase in phishing, with more than 470 billion sketchy email messages polluting the Internet ecosystem.
It is noteworthy that phishing involves shady practices of trying to hoodwink users into visiting a website where either their data is stolen or their systems are infected with some sort of malicious software. To get their hooks into would-be victims, the crooks usually leverage links or attachments in email messages, links in social media messaging, or texts in popular instant messengers.
The phenomenon of phishing is heterogeneous and spans several sub-categories based on the target and the channel used to orchestrate the attack. The ones known as spear phishing and whaling have proved to be particularly dangerous and effective. Whereas a mainstream phishing campaign involves dodgy messages sent to numerous people and therefore resembles a shot in the dark to an extent, spear phishing zeroes in on a particular user. To prep for such an attack, threat actors perform thorough research and figure out the target’s pain points, habits, and lifestyle details. This information allows the malefactors to tailor a refined message the victim can’t help opening.
Whaling, another increasingly common type of phishing, focuses on top executives within a particular organization. By compromising a CEO’s email account, for instance, attackers can impersonate the victim and send booby-trapped messages to employees who will plunge headlong into following the enclosed instructions because they trust the sender.
As they did with ransomware, users were able to evolve to a point where it became a lot easier to identify phishing attempts. Unfortunately, cybercriminals are always looking for new ways to manipulate individual users and businesses, so they have been hard at work coming up with new techniques to succeed. That has led to at least seven new types of phishing attacks on the rise that are covered below:
  • Links to rogue cloud storage locations: This method is being heavily used to phish employees of a company who are usually not well versed in every piece of software and every resource their company uses. A fake cloud link will ask for a username and password. Employees usually have one overarching password for all or most of their work-related logins, and typing it in here would give hackers that coveted information.
  • Phishing attachment: Even if the recipient is smart enough to refrain from clicking a link in a phishing email, the attachment can open when the email is opened.
  • Credential phishing links: Fraudsters can tailor an email that looks just like a genuine message from a service provider the targeted person uses. When it asks for credentials, the die is cast.
  • Fake texts: Getting a user’s phone number allows cybercriminals to send texts that appear to come from familiar sources but are actually luring the user to a phishing website.
  • User impersonation: The hacker pretends to be someone you know to gain your trust and dupe you into clicking a link or downloading a malicious file.
  • Domain impersonation: An email message domain looks very similar to the one you trust, except that it has inconspicuous typos, such as a message from bankoamerica.com instead of bankofamerica.com.
  • Domain spoofing: The email message is a fraudulent exact match of the legitimate domain name. The hacker obfuscates the real domain underneath.  
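
The domain impersonation case from the list above can be screened for automatically by comparing a sender's domain against the domains you actually trust. The following Python is an added example, not code from the original article; the trusted-domain list, the distance threshold of 2 and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the organization actually trusts (constructed sample list).
TRUSTED_DOMAINS = {"bankofamerica.com", "microsoft.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(prev[j] + 1,                 # delete ca
                            curr[j - 1] + 1,             # insert cb
                            prev[j - 1] + (ca != cb)))   # substitute
        prev = curr
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header: str, max_distance: int = 2) -> tuple:
    """Return (verdict, closest_trusted_domain_or_None)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in TRUSTED_DOMAINS:
        # Name matches only; exact-match spoofing still needs SPF/DKIM/DMARC checks.
        return ("name-matches-trusted", domain)
    closest = min(TRUSTED_DOMAINS, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Bank of America" <alerts@bankoamerica.com>',
    "Support <help@bankofamerica.com>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "name-matches-trusted" verdict says nothing about domain spoofing, where the visible domain is an exact match; that case has to be caught by the receiving mail server's sender authentication results rather than by string comparison.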

Fighting Back Against Phishing
Exercising reasonable caution with every message you get via IM, text, or email is a rule of thumb to stay safe against phishing attacks. Anything that looks the slightest bit suspicious should be ignored and deleted. If you are unsure whether it comes from a trusted source, contact that source via another method to confirm they sent it.
To be a moving target, learn to identify the obvious giveaways of a phishing fraud. Look for spelling mistakes and other inaccuracies in the message and the sender’s email address. If you have ventured into clicking a link in a dubious email, check whether the resulting web page has a valid SSL certificate.
Moreover, beware of messages that set a deadline or otherwise coerce you to do something – the pressure is a telltale sign of phishing. Importantly, keep in mind that legit service providers won’t ask for sensitive information such as your login credentials – they already have it.
Above all else, well-known antivirus software for your machine should be researched, installed, and consistently updated to keep your system safe. Updating the software keeps its malware database aware of the most recent threats and reliably protects you against them.
