Phishing attacks have never been so innovative when it comes to deception. The latest report finds that big consumer software companies like Microsoft, Netflix, and PayPal were the brands malicious actors impersonated in the most phishing attacks. The attackers have exploited the immense popularity of Microsoft Office 365 accounts to send phishing emails to users. The email is usually labelled ‘Email termination Notice’. Its content tells the user that either their last payment was declined or their account has been deactivated. The email also says that this could be just a glitch that can be fixed with a one-time login.
How this is being done
The hackers make sure that the fake email looks credible. They use the original template background, a fake “firstname.lastname@example.org” Office 365 address and much more. In the case of phishing emails impersonating a Netflix account, for instance, several legitimate links to the company were present inside the email. Users are lured into entering their credentials, and the hackers harvest their information from there.
Actors used different strategies for each type of online attack. Local antivirus programs are used to distract users while their files are being encrypted.
- Netflix accounts saw a 9% increase in 2018, with phishing attacks mostly scaring users with fake account termination or suspension.
- PayPal, with almost 250 million registered users, saw an 88% increase in phishing links generated by hackers. With such a huge presence online and an incentive to steal PayPal links, hackers leave no stone unturned in making their phishing emails sound convincing.
- Hackers have exploited the huge popularity of Microsoft Office 365 accounts to send phishing emails to users. Despite a 5% decrease in the number of phishing attacks impersonating Microsoft accounts, it remained at the top.
The model emerging from these online attacks generally entails three fundamental steps:
- Require the user to download or log in to a malicious program
- Mislead the user into thinking he/she requires a service or is about to lose a service
- Keep users preoccupied as the online attack continues
These are perhaps the simplest and most effective phishing tips, as attacks proliferate across every aspect, from smartphone to email and browser.
- Recognize a phishing email
- Security update
- Secure Browsing
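
As an added illustration of the "Recognize a phishing email" tip (this is example code, not from the report or the article), the check below flags a message that claims one of the three brands while its sender domain or some of its links fall outside that brand, even when genuine brand links sit beside them, as in the Netflix case described above. The `BRAND_DOMAINS` allow-list, the lure patterns and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of sender/link domains per brand (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "netflix": {"netflix.com"},
    "paypal": {"paypal.com"},
}
# Lures named in the article: termination notice, declined payment, deactivation.
LURES = re.compile(r"terminat|suspen|deactivat|payment was declined", re.I)

def in_brand(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def assess(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()  # plain-text, single-part message assumed
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # message does not claim this brand
        if not in_brand(sender_host, allowed):
            findings.append(f"{brand}: sender domain '{sender_host}' is off-brand")
        # Genuine brand links next to one off-brand link is the pattern to catch.
        off = sorted(h for h in hosts if h and not in_brand(h, allowed))
        if off:
            findings.append(f"{brand}: off-brand link hosts {off}")
    if LURES.search(text):
        findings.append("lure: termination/suspension/declined-payment wording")
    return findings

# Constructed sample message (reserved .example domains), not real traffic.
PHISH = """\
From: "Netflix Support" <billing@netflix-account-help.example>
Subject: Email termination Notice

Your last payment was declined. Help: https://help.netflix.com/
Fix it with a one-time login: http://login.netflix-account-help.example/signin
"""
print(*assess(PHISH), sep="\n")
```

A substring allow-list like this is a triage heuristic only; sender authentication results (SPF, DKIM, DMARC) are the stronger signal where they are available.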