Phishing has been a problem in the world of cybersecurity and email security for a very long time. But the real problem with it is the fact that it’s constantly evolving. Hackers keep finding new ways to successfully scam businesses all over the globe. Now, with all the pandemic, things are much worse!
To protect yourself from these attacks, it's vital to understand what has changed in the world of phishing, what kind of new attacks have been created, and a lot more. With that in mind, we decided to take an in-depth look at all the most important and latest developments you need to know.
What the Newest Statistics on Phishing Say
In one year, Ransomware attacks have grown 14 times! And, as usually, Email phishing is the primary attack vector.
91% of all cyberattacks in the world begin with a spear-phishing email. Most of these emails use malicious file attachments (94%) to deliver their payload, while only a small number (6%) use alternative methods, like malicious links that deliver malware once clicked. The types of files cybercriminals usually use are .RTF, .XLS, .ZIP, and .EXE. The last, .EXE, is used the least, as most software solutions automatically block them.
According to Telefonica, phishing is the top security threat for businesses. That's because as many as 89% of the threats they stopped during their research are related to phishing. They also discovered that a new type of threat is developed every six seconds.
In the last quarter of 2019, phishing emails that prompt you to check your password garnered the most clicks. According to one study, 39% of people ended falling for these kinds of messages and gave away their passwords. Similar percentages were recorded in the second and third quarters of 2019.
What Are the Latest Phishing Techniques
Attackers are becoming much better at disguising their malicious emails as regular emails that people typically receive. That’s why it’s now more important than ever to avoid rushing into clicking links and opening files within legitimate-looking emails. A zero trust culture must be employed in companies today for employees to avoid making these simple mistakes.
Attackers have started using techniques like hidden text attacks to disguise their attacks and fool both users and security software. They involve putting hidden characters between letters, which are then invisible to users.
Some criminals have started embedding images into emails that appear to be PDFs. People end up clicking them and are redirected to a malicious website that asks for their credentials.
The most interesting attack that has come up lately is a homograph attack. Cybercriminals use Unicode lettering to create characters that appear as regular letters but are actually completely different ones. This allows them to create a domain name that appears like something you know, yet it's something else entirely.
The Bottom Line
Phishing is always evolving, and your company needs to stay in the loop on the latest happenings if you are going to remain protected.
In addition to that, you also need to make sure your protection software is updated and able to defend you from most phishing emails.