Since the start of September 2019 we’ve seen some major attacks, including a Facebook data leak which exposed more than 400 million telephone numbers and an Android software vulnerability which revealed devices were susceptible to SMS-based attacks that could change device settings remotely. While these attacks and leaks trigger entire news cycles, they do not generate the highest revenue return for cybercriminals. That prize goes to phishing. It’s one of the oldest attack methods, first seen in the wild around 1995 and only gaining strength.
Phishing schemes are easier to pull off, repeatable and, due to the ability to scale campaigns, only require a miniscule return to generate significant revenues. Some campaigns achieve this by stealing and reselling personal data, others by tricking people into making unnecessary scam-purchases.
As SPAM filters have become more effective at catching a high percentage of attempts, and users are better educated to spot those that do slip through the net and end up at an inbox, phishing has had to get smarter. Most people also know that before clicking on a link it’s good practice to hover the mouse cursor for a moment to see the full URL displayed. A rudimentary phishing attempt will try to redirect to a totally unsuitable or badly named website, and, for most users, the next action will be to hit “delete” and move on.
However, new, smarter phishing campaigns are popping up as cybercriminals leverage emerging technologies and tools like spoofing, automation, machine learning and social engineering. Be on the lookout for the latest tactics:
• Using SSL certificates: Until recently, one of the simplest ways to spot a phishing site was that it would be pref ..
Support the originator by clicking the read the rest link below.
