PHISHING | Aslan Neferler

What Are Deceptive and Targeted (Spear) Phishing Attacks?

The rise in phishing attacks poses a significant threat to every organization. Companies that want to protect their corporate information need to know how to recognize the most common phishing scams.


Phishing continues to play a dominant role in the digital threat landscape. Verizon Enterprise, for example, reported in its 2020 Data Breach Investigations Report (DBIR) that phishing was the second most common threat action variety in security incidents.

It is therefore not surprising that more than a fifth (22%) of the data breaches analyzed by Verizon Enterprise's researchers involved some form of phishing.

Digital fraudsters are unlikely to slow their phishing activity in 2020 either. Google data showed that the number of phishing websites grew 3.5-fold, from 149,195 in January 2020 to 522,495 just two months later, and most of these sites most likely used the coronavirus (COVID-19) as bait.

Barracuda Networks likewise observed that phishing emails using the outbreak as a theme rose from 137 in January 2020 to 9,116 by the end of March.


Types of Phishing Attacks and Precautions to Take

1. Deceptive (Impersonation) Phishing

Deceptive phishing is by far the most common type of phishing scam. Scammers impersonate a legitimate company or person in order to steal personal data or login credentials. These emails typically use threats and a sense of urgency to pressure users into doing what the attackers want.

Techniques Used in Deceptive Phishing

Vade Secure has described some of the most common techniques used in this type of attack:

  • Legitimate links: Many attackers try to evade email filters by including legitimate links in their emails alongside the malicious one, for example the genuine contact details of the organization they are spoofing.

  • Blending malicious and benign code: The creators of phishing landing pages often mix malicious and benign code to fool Exchange Online Protection (EOP). Such pages imitate the login pages of Facebook, LinkedIn, Instagram or Gmail so closely that users who land on them see nothing suspicious.

  • Redirects and shortened links: As noted above, attackers do not want to alarm their victims or arouse suspicion. Phishing campaigns therefore use URL shorteners and redirects to slip past the blocklists of Secure Email Gateways (SEGs); an email that has passed those barriers is trusted all the more by the user.

  • Modified brand logos: Some email filters can detect when attackers steal an organization's logo and include it in attack emails or on phishing landing pages; they do this by examining the HTML attributes of the logo. To fool these detection tools, attackers alter an HTML attribute of the logo, such as its color.

  • Minimal email content: Attackers try to evade detection by putting as little content as possible into their emails, for example by sending an image in place of text.

Recent Examples of Deceptive Phishing Attacks

For example, PayPal scammers may send an attack email instructing recipients to click a link to resolve a discrepancy in their account. In reality, the link leads to a website designed to mimic PayPal's login page. When the victim tries to log in, the fake page collects the credentials and sends them to the attackers.

More recently, researchers at Cofense detected an email attack that appeared to come from a security training firm. The email claimed that it was the last day to take up the training on offer. Victims who fell for it were redirected to a fake Outlook Web App (OWA) login page, where their Microsoft credentials were stolen.

How to Defend Against Deceptive Phishing

The success of deceptive phishing depends on how closely the attack email resembles official correspondence from the spoofed company. Users should therefore examine every URL carefully to see whether it leads to an unknown or suspicious website, and should watch for the grammar and spelling errors that often appear in such emails.
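As an added example (not code from the original page, nor from Vade Secure or any vendor it mentions), the following Python script turns the evasion techniques listed above and the advice to inspect every URL into triage heuristics that run over a message: it flags shortened URLs, anchor text that shows one domain while the href points to another, lookalike domains containing the spoofed brand name, a mix of genuine brand links with off-brand links (the "legitimate links" trick), an image-only body with almost no text ("minimal content"), and a sender domain that imitates the brand. The spoofed brand (PayPal), its genuine domain, the shortener list, the 40-character text threshold and the sample lure message are all assumptions constructed for this example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example (not from the page): spoofed brand, its genuine
# domain, a few public URL shorteners, and the "image-only" text threshold.
BRAND = "paypal"
BRAND_DOMAINS = {"paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
MIN_TEXT_CHARS = 40

class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs; count text and <img> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_chars = [], 0, 0
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._buf = a["href"], []
        elif tag == "img":
            self.images += 1

    def handle_data(self, data):
        self.text_chars += len(data.strip())
        if self._href is not None:
            self._buf.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(t for t in self._buf if t)))
            self._href = None

def host_of(url):  # hostname of a URL; bare "www.example.com" anchor text accepted
    if "://" not in url:
        if not url.lower().startswith("www."):
            return ""
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def registrable(host):  # naive eTLD+1 (last two labels); use a public-suffix list in production
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]

def analyse_html(html):
    """Return sorted (finding, evidence) pairs for one HTML body."""
    p = LinkExtractor()
    p.feed(html)
    findings, brand_links, other_links = [], 0, 0
    for href, text in p.links:
        host = host_of(href)
        if not host:  # mailto:, cid:, relative links
            continue
        if host in SHORTENERS:
            findings.append(("shortened_url", href))
        if registrable(host) in BRAND_DOMAINS:
            brand_links += 1
        else:
            other_links += 1
            if BRAND in host:
                findings.append(("lookalike_domain", host))
        # Anchor text that is itself a URL, but the href goes to another site
        if text.lower().startswith(("http://", "https://", "www.")) \
                and registrable(host_of(text)) != registrable(host):
            findings.append(("display_mismatch", f"{text} -> {host}"))
    if brand_links and other_links:  # the "legitimate links" technique
        findings.append(("legit_link_mix", f"{brand_links} brand, {other_links} other"))
    if p.images and p.text_chars < MIN_TEXT_CHARS:  # "minimal content"
        findings.append(("image_only_body", f"{p.text_chars} chars, {p.images} img"))
    return sorted(findings)

def analyse_message(raw):
    """Parse a MIME message; check the HTML body, then the sender domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    findings = analyse_html(body.get_content()) if body else []
    sender = msg["From"]
    if sender is not None and sender.addresses:
        dom = sender.addresses[0].domain.lower()
        if BRAND in dom and registrable(dom) not in BRAND_DOMAINS:
            findings.append(("sender_lookalike", dom))
    return sorted(findings)

# Constructed sample lure (not a real message): genuine help link, lookalike
# link with paypal.com anchor text, shortened link, logo with tweaked color.
LURE = b"""From: "PayPal Service" <service@paypal-account-review.example>
Content-Type: text/html; charset=utf-8

<html><body>
<img src="https://www.paypal.com/logo.png" style="color:#00457c" alt="PayPal">
<p>We found a discrepancy in your account. Resolve it within 24 hours.</p>
<p><a href="https://paypal-account-review.example/login">https://www.paypal.com/resolutioncenter</a></p>
<p><a href="https://bit.ly/constructed-example">Review now</a></p>
<p>Questions? <a href="https://www.paypal.com/smarthelp/contact-us">Contact us</a></p>
</body></html>
"""
```

Calling `analyse_message(LURE)` on the constructed lure yields five findings: the display/href mismatch, the mix of one genuine link with two others, the lookalike link domain, the lookalike sender domain and the shortened URL. The `registrable()` helper is deliberately naive (two labels) and should be backed by a public-suffix list before real use. The modified-logo technique is not addressed by matching HTML attributes at all; since the color tweak exists precisely to defeat attribute matching, a filter is better off fingerprinting the image `src` or the fetched image bytes.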

2. Spear Phishing

Not all attackers rely on the "send to everyone and wait" approach. Attackers know as well as anyone that time is money: the more precisely an attack is targeted, the higher its chance of success, which justifies the extra resources (time) spent on specific targets.

In spear phishing, scammers tailor their email with the target's name, position, company, work phone number and other details to convince the recipient that they have a connection with the sender.

The goal is the same as in deceptive phishing: to trick the victim into clicking a malicious URL or email attachment and handing over personal data. Given the amount of information needed for a convincing attempt, attackers draw on multiple data sources to craft the targeted email, and, as you would expect, those sources are usually social media platforms.

Techniques Used in Spear Phishing

Here are some of the most common techniques used in spear phishing:

  • Hosting malicious documents in the cloud: CSO Online reported that attackers are increasingly hosting their malicious documents on Dropbox, Box, Google Drive and other cloud services. IT departments are unlikely to block these services by default, so the organization's email filters do not stop the weaponized documents.

  • Social media reconnaissance: Attackers need to find out who works for the targeted company. They research the structure of the organization and decide whom to single out for their targeted attack, and social media is their main tool for doing so.

Examples of Spear Phishing Attacks

Proofpoint reported at the beginning of September 2020 that it had detected two attacks by the China-based APT group TA413. The first took place in March and used the WHO's "Critical preparedness, readiness and response actions for COVID-19, Interim guidance" document as a lure against European government agencies, non-profit research organizations and global companies involved in economic affairs. The second targeted Tibetan dissidents with a PowerPoint presentation.

Less than a week later, Armorblox announced that a company ranked among the 50 most innovative companies in the world in 2019 had been hit by a spear phishing attack. The email purported to contain an internal financial report.

What Precautions Can Be Taken Against Spear Phishing?

Organizations that want to protect themselves against this type of attack should, in addition to other security measures, train their employees in the safe use of social media and discourage the sharing of sensitive information there.

Companies should also invest in solutions that analyze incoming emails for known malicious links and email attachments.
