Phishing attacks are evolving in their approach. The latest report from Vade Secure concludes that big consumer software companies like Microsoft, Netflix, and PayPal were the brands hackers impersonated in the most phishing attacks.
Phishing attacks in 2018 utilized social engineering to steal people’s credentials. The steps involved in phishing attacks remain the same. However, the fake warnings these phishing emails contain sound more convincing than ever before.
Phishing Attacks Scare Users With Account Deactivation
Although there was a 4.5% decrease in the number of phishing attacks impersonating Microsoft accounts, Microsoft still remained at the top. Hackers have utilized the immense popularity of Microsoft Office 365 accounts to send phishing emails to users.
The email is usually titled ‘Email termination Notice’. The email content informs the user that either their last payment was declined or their account has been deactivated. The email also says that it could be just an error which can be fixed with a one-time login. As users enter their credentials, the hackers steal them.
The hackers make sure that the fake email looks extra convincing. They use the original template background, a fake “[email protected]” Office 365 address and much more.
In the case of phishing emails impersonating a Netflix account, several legitimate links to the company were present inside the email. Only one link was malicious in nature. Phishing attacks using Netflix accounts saw an 11.9% increase in 2018, and they mostly scare users with fake account termination or suspension.
PayPal, with almost 250 million registered users, saw an 88% increase in phishing links generated by hackers. With such a huge presence online and an incentive to steal PayPal links, hackers leave no stone unturned in making their phishing email sound convincing.
How To Stay Protected
The biggest problem with these attacks is their use of social engineering tactics. Hackers are impersonating services that handle our money, work and entertainment. Any change in them can impact our lives in more ways than we can think of.
The best way to avoid a phishing attack is to never give out too much information on social media or any other website. Before you post your passport pic, make sure no numbers are visible.
When contacted with an email titled ‘account termination’ or ‘payment declined’, always contact the respective customer support services to double-check its authenticity.
Advanced users and enterprises can also use email protection solutions to automatically filter out phishing emails.
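As an illustration of one check such a filter can run on the Netflix-style message described above, where a single malicious link hides among legitimate ones, here is an added example (not from the Vade Secure report). The brand allow-list, the scare-word list and the sample message are assumptions constructed for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list of domains each brand links to (illustrative, not exhaustive).
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "paypal": {"paypal.com"},
                 "microsoft": {"microsoft.com", "office.com"}}
# Scare wording based on the subject lines the article describes.
SCARE_WORDS = ("termination", "payment declined", "suspen", "deactivat")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href of every <a> tag seen in the HTML body
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def on_brand(host, domains):
    # Exact or dot-boundary suffix match; substring matching would pass lookalikes.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def analyze(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "").lower()
    brand = next((b for b in BRAND_DOMAINS if b in name.lower() or b in subject), None)
    domains = BRAND_DOMAINS.get(brand, set())
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    off = [h for h in collector.hrefs if not on_brand(urlsplit(h).hostname, domains)]
    return {"brand": brand,
            "scare_subject": any(w in subject for w in SCARE_WORDS),
            "sender_off_brand": bool(brand) and not on_brand(addr.rpartition("@")[2], domains),
            "off_brand_links": off if brand else []}

# Constructed sample: two genuine links and one lookalike host, as in the Netflix case.
SAMPLE = """From: Netflix <support@billing-notice.example>
Subject: Account suspension notice
Content-Type: text/html; charset=utf-8

<a href="https://www.netflix.com/">Home</a>
<a href="https://help.netflix.com/">Help Center</a>
<a href="http://netflix.com.account-check.example/login">Update payment</a>
"""
```

Calling analyze(SAMPLE) flags the scare subject, the off-brand sender and only the third link, whose host merely starts with the brand's domain.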
How Online Attacks Are Evolving
Hackers are evolving their tactics across every type of online attack. We recently informed you how ransomware attacks are using useful tools like antivirus to distract users while their files are being encrypted.
The pattern emerging out of these online attacks mainly consists of three fundamental steps:
- Trick the user into thinking he needs a service or is about to lose a service
- Ask him to download a malicious program or log into one
- Keep the user distracted as the online attack continues
For more information on different types of social engineering attacks, you can read our helpful guide here. You can also refer to our list of the most common email titles that are bound to contain a phishing link.