In 2022, no fewer than 3.4 billion phishing emails were sent every day, according to analysts from Radicati and Statista. How does a phenomenon that has been known for decades manage to break through the protective mechanisms again and again? Stormshield offers a look back at a circumstance that continues to claim victims.

The evolution of phishing

Phishing is a malicious technique designed to trick third parties into revealing personal information. The term phishing was first used in 1996 in a Usenet newsgroup called AOHell. To clarify the fraudulent intent of such attacks, the author intentionally changed the spelling from “fishing” to “phishing.” The successful theft of access data to AOL user accounts paved the way for a fundamental trend among cybercriminals who still use this tool against large companies today.

On this basis, the concept of “spray and pray” emerged in the 2000s. It refers to phishing campaigns in which special occasions are used as lures in randomly sent emails. Lottery winnings, charity campaigns, bank account closures – any topic lends itself to fraud. At the same time, “clone phishing” also emerged, in which brands with a high degree of recognition from everyday or professional life are used as bait.

An entire economy has now emerged behind phishing. Previously, individual actors generated revenue from a few victims. Now structured cybercriminal organizations use phishing to generate revenue, conduct industrial espionage, or wage economic warfare. Phishing attacks in which B2B brands are abused are anything but rare: Vade recorded almost 23 million phishing emails that impersonated the Microsoft brand.

Cybersecurity vendors are responding to this threat with anti-phishing filters and two-factor authentication technologies. To get around this, cybercriminals engage in identity theft, a technique aimed at compromising an employee's email account (BEC or “Business Email Compromise”). The aim is to defraud colleagues, customers and partners by assuming the victim's identity. The so-called “president fraud” attack is a prime example of this; in January 2022, for instance, it cost a French property developer a record sum of 33 million euros.

Numerous types of phishing now coexist

Among them: the so-called “romance scam”, whereby cybercriminals usually charm widowed or single women in order to extort large amounts of money. Men are not exempt from this either: sextortion (blackmail over alleged sexual acts) is a technique that is largely based on phishing and plays on the Internet user's gullibility.

Phishing campaigns have become increasingly sophisticated over time in response to cybersecurity software vendors' defenses and the public's growing awareness of the threat. “Cybercriminals use the primary emotions of their victims to secure maximum clicks - usually out of fear of missing out on a great offer (job, deal, inheritance, etc.), losing money, having their subscription canceled or being fired. Often these fears are uncontrollable and lead to an instinctive, quick reaction. That’s why this type of attack is so successful,” confirms Uwe Gries, Country Manager DACH at Stormshield.

The increasing complexity of phishing campaigns

Using tools that automate phishing campaigns, such as Gophish or Sniperphish, cybercriminals are now equipped with ready-made templates for trap sites and emails and, above all, adapt quickly to new fashions. After years of global dominance of bank-related emails, Facebook, LinkedIn and WhatsApp were among the most abused brands in such campaigns from 2019 to 2021, alongside Google and Apple. After the COVID-19 wave, logistics brands were again targeted: DHL, FedEx, Amazon and AliExpress are among the ten most abused brands worldwide.

New tactics such as typosquatting (e.g. “mcrosoft.com” instead of “microsoft.com”) or obfuscating phishing URLs by chaining redirect links are being used so that phishing filters cannot determine the final URL. Embedding the email text in an image to defeat text-based detection is another technique in use. Even logos are embedded as a table consisting of a series of cells one pixel wide, to bypass filters that look for spoofed brand logos.
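The two URL tricks above, a lookalike domain and a chain of redirects hiding the landing page, are what a mail gateway has to see through. The following is an added example, not code from the Stormshield article or from any vendor named in it: it follows a redirect chain to its final URL and compares the landing domain against a small brand allowlist using edit distance. The brand list and the redirect table are constructed sample data standing in for HTTP `Location` headers a gateway would have observed, so it runs offline.

```python
# Added example (not part of the article): defender-side check for
# typosquatted landing domains reached through chained redirects.
from urllib.parse import urlparse

# Constructed allowlist of brand domains the organisation expects to see.
KNOWN_DOMAINS = {"microsoft.com", "google.com", "apple.com", "dhl.com"}

# Constructed redirect table standing in for observed HTTP 3xx Location
# headers; a real gateway would collect these from its URL sandbox.
REDIRECTS = {
    "https://short.example/abc": "https://track.example/r?u=1",
    "https://track.example/r?u=1": "https://mcrosoft.com/login",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (standard dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Last two labels of the host, e.g. 'login.mcrosoft.com' -> 'mcrosoft.com'.
    Sufficient for the sample data; a deployment would use the Public Suffix List."""
    host = urlparse(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def lookalike_of(domain: str, max_distance: int = 2):
    """Return the known brand domain this one imitates, or None.
    An exact allowlist match is legitimate; a near miss within the
    edit budget is the typosquatting pattern ('mcrosoft' vs 'microsoft')."""
    if domain in KNOWN_DOMAINS:
        return None
    for known in sorted(KNOWN_DOMAINS):
        if levenshtein(domain, known) <= max_distance:
            return known
    return None


def resolve_chain(url: str, limit: int = 10):
    """Follow the redirect table to the final landing URL.
    Returns (final_url, hops); stops after `limit` hops or on a loop."""
    seen = [url]
    while url in REDIRECTS and len(seen) <= limit:
        url = REDIRECTS[url]
        if url in seen:
            break
        seen.append(url)
    return url, len(seen) - 1


def assess(url: str) -> dict:
    """Verdict for one URL from an email: where it really lands and
    which brand, if any, the landing domain imitates."""
    final, hops = resolve_chain(url)
    dom = registrable_domain(final)
    return {"final_url": final, "hops": hops,
            "domain": dom, "imitates": lookalike_of(dom)}


if __name__ == "__main__":
    print(assess("https://short.example/abc"))
    print(assess("https://login.microsoft.com/"))
```

The check deliberately scores the final hop, not the first link in the mail, which is the point of the redirect chain: the shortener and tracker domains look harmless and only the landing domain is a lookalike. An edit budget of two catches single-character drops and swaps; raising it increases false positives against short legitimate domains, so it should be tuned against the organisation's own allowlist.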

Database leaks containing email addresses and phone numbers are also a real goldmine for cybercriminals. On the list of record data leaks are Yahoo in 2013 with 3 billion user data, Facebook in 2019 with 540 million data or Instagram in 2020 with 200 million data. Using the same password for multiple platforms makes it easier for accounts to be compromised and, through more targeted communication, leads to a sharp increase in the number of phishing victims.

There are also new phishing vectors. Phishing by SMS, known as “smishing,” appears to have accelerated sharply during the lockdown. The same applies to WhatsApp and company-internal messengers such as Microsoft Teams and Slack. However, the very latest variant of phishing is the browser-in-the-browser attack, a strategy in which a fake browser window is displayed. When the victim clicks a login button, they believe a new authentication window is opening, but in reality no separate window is created: the page itself draws an imitation window showing a legitimate-looking URL, which dispels any vigilance on the part of the victim. Without knowing it, the victim enters their login details on a malicious website.

The future of phishing

Strong automation of phishing can be expected in the future. With text augmentation technology, it is now possible to generate hundreds of emails that use completely different wording while keeping the same meaning. Phishing is therefore likely to evolve over the next few years from a mass of generalized attacks to a mass of surgically precise campaigns. This is done through automation techniques that appear to draw inspiration from the field of search engine optimization and from the GPT-3 language model. With the increased use of such open source technologies, cybersecurity vendors will need further innovation to meet these new challenges.

Source: Pressbox
