There are various forms of cyberattack, but the most common type is phishing. This social-engineering attack is usually carried out via email but has now spread to phone calls, social media, text messages, messaging services and other apps. Phishing works through these channels by impersonating legitimate institutions to trick victims into giving up data such as login information and credit card details. These attacks use convincing emails or messages to lure unsuspecting targets into clicking malicious links that either install malware or collect the information the victim enters, which can lead to stolen funds, unauthorized purchases or identity theft.
It might sound like a basic form of cyberattack, but it can be devastating for its targets. Hackers manipulate victims' fear and emotions by sending emails or messages that urge them to take action. For example, victims are sent emails stating that their accounts are being closed or that their emails are being hacked. This induces panic, causing the user to click the link before they can properly process anything else.
Phishing targets not only the average user but also high-profile corporations and government institutions. Attacks range from mass campaigns, where the hackers' goal is to make a quick profit, to a more discreet attack on a specific institution to gather sensitive data from it, an attack called spear-phishing. Facebook, Google, and Crelan Bank are just some of the companies that have fallen victim to this cyberattack, costing them millions of dollars.
Back in 2016, the Belgium-based bank Crelan was the victim of a business email compromise (BEC) scam that cost it approximately $75.8 million USD. The hackers were able to access the email of high-ranking executives in the company and managed to convince the financial department to make a payment to an account owned by the attackers. Another phishing incident that year was the leak of the Gmail account of John Podesta, the chairman of then-presidential candidate Hillary Clinton's campaign in the 2016 election. The foreign hacker group Fancy Bear sent Podesta an email impersonating Google, telling him to change his email after an attempted hack and linking to a compromised website that made it possible for them to gain access to Podesta's account. This led to thousands of emails being leaked to WikiLeaks.
While 2020 was a year of hardships and losses, hackers took it as an opportunity to create something new: COVID-19 scams. They used fear of the virus and people's uncertainty to trick them into falling for their schemes. Hackers impersonated health organizations and trusted platforms like Zoom and Skype to steal users' information. These emails would claim to provide information about the outbreak and offer countermeasures, linking to malicious websites and PDFs to download. People were also receiving fake job termination meetings through Zoom. Because of this new threat, it is reported that 18 million COVID-19-themed malware and phishing emails were being blocked per day by Google's Threat Analysis Group. Just last month, on May 29, 2021, the US government and aid agencies were targeted by foreign hackers, who are believed to be the same group behind the SolarWinds cyberattack.
We are well beyond the Nigerian prince scams; phishing has evolved into something more complex, more advanced and even dangerous. As millions of phishing websites are produced each year, hackers are becoming better and more accurate in their impersonation of legitimate companies, making it easier for the average user to fall for their tricks. Despite its seemingly simple methods, phishing remains the most likely threat to breach a company's network. Companies therefore need a defense strategy that will keep hackers away. First, corporations should establish an educational campaign among employees at all levels so that everyone is aware of the dangers of phishing campaigns and can avoid falling prey to these scams. Second, they should apply a brand protection solution that effectively identifies phishing campaigns and proactively protects the organization from these malicious activities. Cybersecurity has become a necessity in this digital age, and establishing an advanced defense greatly reduces the risk of a breach.