New data provides a multi-faceted look at the changing face of phishing attacks. This data includes who’s being targeted, the tactics being used, and why phishing attacks continue to work. If 2022 is any indication of what the remainder of this year will hold for organizations fending off cyber attacks, cybersecurity efforts are going to need a whole lot more emphasis.
In recent years, phishing attacks have become increasingly prevalent and sophisticated, posing a significant risk to individuals and organizations alike. In fact, 92% of organizations fell victim to successful phishing attacks in the last 12 months. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.
Phishing attacks have been the most persistent and widespread form of cybercrime for decades, but cybercriminals' tactics and methods are continually evolving. In the past, attacks were simpler and easier to spot. However, as technology has advanced, and more people go online, cybercriminals have become more sophisticated in their methods, making their attacks harder to detect.
Netskope Threat Labs is tracking a phishing campaign that mimics a FedEx package delivery as bait to steal credit card data. This type of social engineering attack is commonly found in phishing pages, emails, and other scams, where a false sense of urgency is created to urge the victim into doing an action that eventually leads to personal data theft.
Social media is designed of course to connect, but legitimate modes of doing so can be abused. One such case of abuse that’s currently running involves Linktree, a kind of meta-medium for social media users with many accounts. If you’re unfamiliar with Linktree, which, we stress, is a legitimate service, here’s how the company describes what it will let you do.
New data shows that cybercriminals started this year off with a massive effort using new techniques and increased levels of attack sophistication. According to cybersecurity vendor Vade’s Q1 2023 Phishing and Malware Report, the number of phishing attacks in Q1 this year reached the highest total since 2018. While January represented the lion’s share of Q1 phishing volume (approximately 87%), Vade detected over 562 million phishing emails.
Earlier this month, state employees in the US state of New Jersey began receiving emails that falsely represented themselves as originating with the state’s attorney general. “At first blush, the communiques appeared to come from the state Attorney General's Office and sported a convincing njoag.gov domain.
Ahead of US Tax Day on April 18, 2023, attackers are taking the opportunity to send finance-related phishing attacks. There has been a 164% increase in tax-related phishing emails since February 2023 and a 32% increase versus 2022 levels. Typically in these attacks, cybercriminals attempt to convince victims that they have a tax refund available or have underpaid their taxes, when in reality, the email contains a malicious link or attachment.
A method used in domain impersonation attacks, combosquatting aids the threat actor by using a modified domain name to further increase the credibility of an attack. If you aren’t familiar with the term combosquatting, it’s where a threat actor takes a legitimate domain – let’s use companyco.tld and combine another phrase with the domain name to create something like support-companyco.tld.
