
RECENT PHISHING ATTACK TRENDS THAT HACKERS USE FREQUENTLY


Recent Phishing Attack Trends – For the past few years, phishing attacks have been very prevalent. These attacks have started to change form because threat actors are using new tricks and new methods to target companies and individuals.

Luckily, specialists know of these kinds of attacks, which are very different from phishing messages. These specialists work to protect companies and individuals. That is why we see so many phishing attacks reported in newspapers and know how the attackers got caught.

Now we present four different and very prominent phishing techniques and attack trends that attackers have used recently.

1. Instagram Phishing Attacks

In our list of top recent phishing attack trends, Instagram phishing attacks come first. Previously, attackers sent phishing emails; now they also prefer phishing messages sent through the Instagram platform. The threat actors imitate the Instagram Help Center. The email says that somebody has filed a copyright infringement complaint against the user's account, so it looks like the account might be deleted.

Sometimes users instead get a notification claiming to be a password change request, which is a fake message.

After clicking on the message, they see the imitated Instagram site and they are asked to fill in their username information. Then on the next page, they need to enter their email address and password.

If the user complies and continues to the next page, their information is sent to the attacker. Once the threat actors have the credentials, they sign into the account, detach the phone number and the email address connected to it, and change them as they wish.

2. Phishing Attacks Against Office365 

Another recent phishing attack trend is phishing against Office365. Likewise, analysts have discovered a simple phishing scheme that targeted OWA credentials. The attacker sent emails telling users that they had not received some emails because of a malfunction. The emails looked like they came from the service provider, in other words, from the user's own mail service. They tricked users into clicking a link that directed them to a fake site. The link had the user's organization's name in it, so users clicked the fake phishing URL.

The fake site hosted a forged Outlook Web App portal. Once the user logged in, the site sent their credentials to the attacker and redirected the user to the original app. With these findings, it was clear that this was a targeted phishing attack, which poses a great danger to email security.

3. Vishing attacks

The attackers have also targeted the finance, telecommunications, and social media industries using vishing attacks.

These attacks were unusual because the attackers made phone calls to the employees of these companies. They pretended to be IT personnel and said they were checking on some problems with the company's VPN. Their primary purpose was to deceive the employee and get their credentials. Employees either gave their credentials over the phone or logged into a website designed specifically for the phishing scheme.

4. Phishing Websites Containing Personal Information

A new regulation has been made regarding these types of attacks. Regulatory authorities reported several threat actors that used a person's name or even their picture on a fake website to trick them into giving up their credentials. They even used the person's employment information to make the trick more believable.

Aside from credentials, these attackers used forms to collect employees' personal information, including email addresses and phone numbers. The attack was also carried out through phone calls.

5. Canva Case

Analysts have detected a file-sharing notification that appeared to come from the SharePoint app. It was a phishing email mimicking the original notification. The email had an attachment that prompted the recipient to click a button that said ‘Open’.

When the recipient clicked this button, a document or file in the image editing application Canva appeared. The recipient then had to click an ‘Access Your Secure Document’ hyperlink in order to see the document or file. If the person clicked this hyperlink, it redirected them to a fake SharePoint login page hosted on Weebly.

6. How to Stop Recent Phishing Attack Trends?

From the above examples, we can see that companies need a successful protection system if they wish to avoid phishing.

The attacks can be avoided by giving employees only limited information about the company, unless more is needed for their assignments. Even in that case, the employee’s actions should be checked, and any unusual activity should be detected immediately.

In addition, companies should inform and educate their employees about phishing and other kinds of schemes. Employees should know the procedure they must follow in case of such an incident. Companies should also watch for sites with names similar to their own and buy these typo-squatting domains, which can be used in a phishing attack.
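As an added example (not part of the original post), the sketch below triages links from mail logs for the three patterns described above: look-alike domain names, the organization's name placed inside a foreign URL, and pages hosted on a site builder such as Weebly. The brand `examplecorp`, the domain `examplecorp.example` and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): brand and owned domain.
BRAND = "examplecorp"
OWN_DOMAINS = {"examplecorp.example"}
# Site builders where anyone can publish a page; the article's case used Weebly.
SHARED_HOSTS = {"weebly.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Label one URL: own, lookalike, brand-in-url, shared-host or other."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Naive registrable domain (last two labels); use the Public Suffix List in production.
    reg = ".".join(host.split(".")[-2:])
    if reg in OWN_DOMAINS:
        return "own"
    if edit_distance(reg.split(".")[0], BRAND) <= 2:
        return "lookalike"       # typo-squat, or the brand under another TLD
    if BRAND in host or BRAND in parts.path.lower():
        return "brand-in-url"    # organisation name used to make the link look right
    if reg in SHARED_HOSTS:
        return "shared-host"     # page on a site builder anyone can publish to
    return "other"

def triage(urls):
    """Return only the URLs an analyst should look at, with their label."""
    labels = {u: classify(u) for u in urls}
    return {u: l for u, l in labels.items() if l not in ("own", "other")}

# Constructed sample links, as they might appear in a mail gateway log.
SAMPLE = [
    "https://mail.examplecorp.example/owa/",
    "https://examp1ecorp.example/owa/auth/logon",
    "https://examplecorp.mail-restore.example/owa/",
    "https://secure-docs.weebly.com/",
    "https://news.example.org/today",
]

if __name__ == "__main__":
    for url, label in triage(SAMPLE).items():
        print(f"{label:13} {url}")
```

Domains labelled `lookalike` are also candidates for the defensive registration recommended above.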

Phishing attacks are used to steal personal information, online passwords, banking details, or money, and to deliver ransomware. Oftentimes the attacker uses an email, SMS, phone call, or even a fake website that looks like it comes from a reputable company in order to attack the user and capture the user’s information.

By constantly training employees with the best cybersecurity training, you reduce the risk of phishing attacks, malicious software delivered over email, and information leaks, and you protect your organization. By teaching your employees how to recognize suspicious emails and fake web pages, you increase their cybersecurity awareness against phishing attacks.

Use Information Security Awareness Training Against Recent Phishing Attack Trends

Try out the security awareness training module developed by our team. We have a number of training contents, such as HTML5 Security Training and Animation Training Videos in many languages, as well as extra materials such as Posters, Screensavers, Cyber Security Newsletters, Phishing Security Tips, Ninjio Animation Training Videos, and gamified security awareness training. Use our security training to increase the cybersecurity awareness levels of your employees.

Free Simulated Phishing Tests Against Recent Phishing Attack Trends

Our Phishing Simulation tool provides users with more than 80 templates in 8 languages (Turkish, English, German, French, etc.), each with a unique phishing email scenario.

You can edit and customize the phishing email templates and fake phishing URLs for your business. This helps you test your employees’ awareness of phishing attacks. It also lets you show your users what phishing emails look like and what they need to watch for regarding fake emails and domains.

The results of the phishing campaign in the report are very clear. It is auto-generated and you can see statistics on how many people clicked the fake email or the link.

Protect yourself against these types of common Phishing Attacks using Keepnet anti-phishing solutions.

“This post is originally published at www.phishing.org.uk”
