In the case of email-based phishing methods, scammers are taking their game up a notch as they open avenues for targeted attacks, BEC attacks, and ransomware, among other infections. Mobile phones have become an intrinsic feature of human life, and thus, a popular choice among criminals because now they can use any one of the hundreds of apps found on users’ devices.
Phishing for credential theft
The coronavirus pandemic acted as fodder for phishing attacks and some groups still continue to feed on it.
- According to an analysis by Proofpoint, 57% of surveyed organizations claimed to be hit by a successful phishing attack in 2020. Manufacturing companies saw the highest average volume of phishing emails.
- Lookout, a mobile security firm, revealed that there was a 67% rise in phishing attacks—to steal login credentials—on government organizations in 2020 as compared to the previous year.
- One in 30 federal workers was subjected to an attempt in 2020, but that rate jumps to one in 13 at the state and local levels.
- Phishing prevention and detection firm Cofense analyzed millions of malicious emails across industries and found that 57% of phishing emails were aimed at stealing victims’ usernames and passwords.
- Meanwhile, 45% of phishing attacks directed toward credential-stealing exploited Microsoft-related services, including Office 365 and Teams.
Following data loss, compromised accounts or credential theft is the second biggest effect of successful phishing attacks.
Recent phishing baits
- Security analysts spotted two phishing scams aimed to extract work email account credentials of more than 10,000 Microsoft users by sharing a fraudulent FedEx online document and shipping details from DHL Express.
- Last week, a new fraud campaign reportedly impacted 50,000 Google’s G Suite users via fake IRS tax forms asking them to fill out a W-8BEN tax exemption form to protect their status.
With billions of emails exchanged every day, hackers have a massive attack surface to exploit. Experts urge organizations to fortify their security infrastructure to secure access to email systems and prevent the spread of malicious content and attachments. Proofpoint found that only 28% of organizations cover email reporting in their security awareness training program. Organizations weighing over training employees on cybersecurity, especially phishing, has been a result-yielding move.