Trends in Phishing Attacks and the Industries Commonly Targeted

Research shows that there has been a considerable uptick in phishing attacks since the onset of the pandemic. Reports indicate that over 91% of information security breaches begin with attackers launching phishing attacks on victims.  

According to a report by the Federal Bureau of Investigation (FBI), there were more than 11 times as many phishing attacks and complaints in 2020 as in 2016. Among all reported attack types, phishing was the most common form of cybercrime in 2020, nearly doubling in frequency compared with 2019. The frequency of phishing attacks varies from one industry to another and depends on the targeted company’s size. The manufacturing and healthcare sectors are the most targeted and the most at risk from phishing scams.

Phishing is a type of social engineering in which an attacker sends a fraudulent message designed to trick the victim into revealing sensitive information or deploying malicious software such as ransomware on the victim’s infrastructure. Social engineering attacks accomplish a broad range of malicious goals through human interaction. For example, cybercriminals launch phishing attacks by posing as a trusted source and luring victims into handing over sensitive information such as usernames, passwords, and credit card details.

Scammers use various phishing techniques; the choice of method depends on the victim’s environment and, in most cases, the attack takes place over email. The main goal of a phishing scam is to steal personally identifiable information (PII) so that threat actors can profit by misusing the stolen data.

The main types of phishing attacks are listed below:

  • Spear Phishing 
  • Whaling 
  • Smishing 
  • Vishing 
  • Email Phishing 
  • Search Engine Phishing 

Other variants of phishing used by scammers are as follows: 

  • Business Email Compromise (CEO Fraud) 
  • Clone Phishing 
  • Evil Twin Phishing 
  • Social Media Phishing 
  • Pharming 

Here is a list of the top industries targeted by phishing attacks: 

  • Social Media
  • Financial
  • Webmail & Cloud Services
  • Ecommerce
  • Telecommunications
  • Transportation
  • Dating
  • Tax Prep
  • Job Search
  • Education

Attacks targeting the social media industry have increased significantly due to the rise in phishing websites aimed at social messaging apps. Additionally, online accounts that use Single Sign-On (SSO) are heavily targeted, accounting for 40% of all accounts targeted by phishing attacks.

Within the financial sector, the top six targeted sub-industries are as follows:

  • National Banks
  • Payment Services (Online)
  • Credit Unions
  • Community/Regional Banks
  • Brokerage/Investments
  • Cryptocurrency

The data most commonly compromised by phishing attacks is as follows:

  1. Credentials (such as passwords, usernames, and PINs)
  2. Personal data (such as name, address, and email address)
  3. Medical data (such as treatment information and insurance claims)
  4. Bank details (such as bank ID, session ID, and account details)

The chart below shows the different types of malicious files attached to phishing emails:

The different types of phishing attacks targeting various industries are described as follows: 

Spear Phishing: 

Spear phishing differs from generic phishing in that it is a direct attack on a specific organization or person using personalized phishing emails. Spear phishing attacks are often prepared by gathering the targets’ personal information to tailor the phishing scam and increase the probability of success.

In most cases, spear phishing targets executives who have access to the organization’s sensitive financial data and critical services. The emails used in these attacks are customized to be relevant to the victim in a way that convinces them the email was sent by someone known within the organization.

Spear phishing mainly targets: 

  • Financial sector 
  • IT industries 
  • Healthcare sector 

Figure 1 shows an email template used in spear phishing attacks.

Figure 1 An instance of Spear Phishing Mail 

Whaling/CEO Fraud: 

Whaling, also known as CEO fraud, targets executives or individuals who play an essential role in an organization. The goal of the attack is to steal money or data, or to gain access to the organization’s sensitive files.

The content of the email is crafted around the victim’s interests or role in the organization. The intention is to get the employee’s attention and convince them to carry out the scammer’s desired action.

The success rate of CEO fraud is comparatively low, as it is only relevant to the organizations and activities associated with high-level executives, while whaling has a higher success rate because it uses emails related to IT, tax filing, services, lucky draws, and similar themes.

Figure 2 shows a sample whaling email.

Figure 2 Mail Sample for Whaling 

When an employee opens the link, they are redirected to a tailor-made website that asks them to enter sensitive data about the company.

Whaling/CEO fraud primarily targets the following industries: 

  • Government Organizations 
  • IT and Manufacturing industries  
  • Banking sectors 

Smishing: 

Smishing, or SMS phishing, is a form of phishing attack in which scammers use text messages as bait. The attack works on a simple principle: the attacker sends an SMS containing a clickable link to a list of mobile numbers obtained from a previous attack.

If a user clicks the malicious link in the message, they are redirected to a fake website built by the scammers. The user is then asked to fill in a form, which is again a fake form controlled by the attackers and made to look identical to a legitimate web form such as the PayPal or Amazon login page.

A technique introduced later in smishing is the ability to download malicious software to the victim’s device when the user clicks the malicious link. Once the file has executed, it tracks the user’s activity and collects sensitive data from the compromised device.

Smishing is a very successful approach for attackers. It is a scenario-based attack, in which attackers change their techniques and methods according to the situation. One example is the rapid rise in malware and cyberattacks using the COVID-19 crisis as the lure. Leveraging the pandemic, attackers have distributed malware alongside fake contact-tracing and vaccine-themed applications and messages.

The technique has evolved to the point that smishing attacks can now steal user information using fake two-factor authentication (2FA) messages.

The most common types of Smishing attacks are: 

Figure 3 Covid-themed Smishing Attack 

Smishing targets various industries, including the following:

  • Social Media
  • Webmail & Cloud Services
  • Job Search
  • Telecommunication
  • Transport Service

Vishing: 

Vishing, or VoIP phishing, is a phishing attack carried out over Voice over IP telephony. Scammers dial the mobile numbers of victims obtained from previous attacks and play a recording in which the voice claims to be from the victim’s bank or insurance company. The scammers use numbers that impersonate those of legitimate banks and companies.

A classic example of vishing is a call from someone claiming to be customer support for a trusted brand such as Microsoft or Norton, informing users that their devices are in danger and that the threat can be avoided by purchasing the security service the company offers. The unsuspecting victim is asked to share credit card details to purchase the subscription, and malware is installed on the victim’s device through a remote connection. The malware may be a variant of a banking trojan or a remote access trojan (RAT) capable of stealing the victim’s bank account information, including the password, or even controlling the device through a C2 server, which lets the attacker use it for abuse such as bitcoin mining and sending spam messages.

Vishing mainly targets industries such as:

  • Social Media
  • Webmail & Cloud Services
  • Telecommunication

To launch phishing campaigns, scammers use top-level domains (TLDs) to deceive unsuspecting users into believing that an email or message is trustworthy and comes from a legitimate source. About 96% of phishing scams use legacy generic TLDs such as .com, .org, and .net, or country-code TLDs such as .ml, .io, .me, and .ga.

Along with domains, scammers also use free email accounts to launch phishing attacks. Studies show that the use of free email accounts for phishing rose to 34.3% in 2021.

The free email domains most misused in these attacks are as follows:

Usage Rank  Domain 
1.  Gmail.com 
2.  Hotmail.com 
3.  Mail.com 
4.  Aol.com 
5.  Outlook.com 
6.  Gmx.com 
7.  msn.com 
8.  Yahoo.com 
9.  Icloud.com 

Some of the regular patterns of scams used by the attackers are listed below: 

Response Based Scams  Percentage 
419  60% 
BEC (Business Email Compromise)  20% 
Job scams  8% 
Vishing  6% 
Tech Support  6% 

Some of the malware payloads delivered via email and used to access sensitive information are listed below:

Malware Payload  Percentage
Zloader  61% 
Trickbot  12% 
Emotet  11% 
Dridex  5.5% 
Bazaloader  3% 
Others  7.5% 

Recommendations for preventing phishing attacks: 

The best way to avoid falling victim to phishing is to understand the basic mechanics of the attack. We therefore recommend that readers stay vigilant and prevent attacks by scrutinizing the content of incoming emails.

  • Emails requesting personal information: If an email appears genuine but asks for personal information or details without any context, think twice and verify its credibility before sharing anything.
  • Grammatical mistakes: Watch out for emails with misspelled words or poor grammar. Although this is not always a clear indication of a scam, emails from scammers typically contain grammatical errors.
  • Messages with a note of urgency: Be wary of emails that create a sense of urgency, because cybercriminals often phish for user credentials by sending critical-sounding messages that pressure the victim into taking an action.
  • Suspicious attachments: Never open untrusted links or email attachments without verifying their authenticity.
  • Fake offers: Be careful with messages or emails that claim to carry news of a lucky draw, a discount, or a shopping deal, as they may be fake and malicious.
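The indicators in the recommendations above, together with the free webmail sender domains listed earlier, can be turned into a simple triage rule set that a mail-filtering or SOC team can run over parsed messages. The following Python script is an added example written for this page; it is not Cyble’s code or a tool the post describes. The keyword lists, score weights, thresholds, risky attachment extensions and sample messages are constructed assumptions for illustration and would need tuning against a real mail corpus.

```python
import os
import re
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import List

# Free webmail domains most often misused by phishers, taken from the table above.
FREE_MAIL_DOMAINS = {
    "gmail.com", "hotmail.com", "mail.com", "aol.com", "outlook.com",
    "gmx.com", "msn.com", "yahoo.com", "icloud.com",
}
# Attachment types that commonly carry malware (constructed list, not from the post).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".docm", ".xlsm", ".zip"}
# Phrase lists are constructed examples of the wording the post warns about.
URGENCY_PHRASES = ["urgent", "immediately", "within 24 hours",
                   "account will be suspended", "action required", "final notice"]
PII_REQUEST_PHRASES = ["confirm your password", "verify your password", "enter your pin",
                       "credit card details", "social security number", "bank account details"]
OFFER_PHRASES = ["lucky draw", "you have won", "claim your prize", "exclusive discount", "free gift"]


@dataclass
class Message:
    sender: str                                   # From header, e.g. "Payroll <x@gmail.com>"
    subject: str
    body: str
    attachments: List[str] = field(default_factory=list)


@dataclass
class Verdict:
    score: int
    label: str
    reasons: List[str]                            # one human-readable line per point awarded


def sender_domain(address: str) -> str:
    """Lower-cased domain of a From header; '' if no address can be parsed."""
    _, addr = parseaddr(address)
    _, sep, domain = addr.rpartition("@")
    return domain.lower() if sep else ""


def matched_phrases(text: str, phrases: List[str]) -> List[str]:
    """Return the phrases found in text as whole words, case-insensitively."""
    return [p for p in phrases
            if re.search(r"\b" + re.escape(p) + r"\b", text, re.IGNORECASE)]


def risky_attachments(names: List[str]) -> List[str]:
    """Attachments whose final extension is risky (also catches invoice.pdf.exe)."""
    return [n for n in names if os.path.splitext(n.lower())[1] in RISKY_EXTENSIONS]


def classify(score: int) -> str:
    # Thresholds are constructed; tune them against your own mail corpus.
    if score >= 5:
        return "phishing-likely"
    if score >= 3:
        return "suspicious"
    return "clean"


def score_message(msg: Message) -> Verdict:
    """Add up weighted indicators and explain every point awarded."""
    score, reasons = 0, []
    text = f"{msg.subject}\n{msg.body}"
    domain = sender_domain(msg.sender)
    if domain in FREE_MAIL_DOMAINS:
        score += 2
        reasons.append(f"sender uses free webmail domain {domain}")
    for weight, phrases, what in ((2, URGENCY_PHRASES, "urgency wording"),
                                  (3, PII_REQUEST_PHRASES, "request for personal data"),
                                  (2, OFFER_PHRASES, "prize or offer lure")):
        hits = matched_phrases(text, phrases)
        if hits:
            score += weight
            reasons.append(f"{what}: {', '.join(hits)}")
    bad = risky_attachments(msg.attachments)
    if bad:
        score += 3
        reasons.append(f"risky attachment(s): {', '.join(bad)}")
    return Verdict(score, classify(score), reasons)


# Constructed sample messages: one credential-theft lure, one benign mail, one prize lure.
SAMPLE_MESSAGES = [
    Message("Payroll Team <payroll-team@gmail.com>",
            "URGENT: verify your account within 24 hours",
            "Your account will be suspended unless you confirm your password and "
            "credit card details immediately. Open the attached invoice to review the charges.",
            ["invoice.pdf.exe"]),
    Message("alice@example.com", "Agenda for Thursday's planning meeting",
            "Hi all, the agenda for Thursday is attached. Let me know if you want anything added.",
            ["agenda.pdf"]),
    Message("promo@mail.com", "You have won!",
            "Congratulations, you have won our lucky draw. Claim your prize and exclusive discount today."),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        v = score_message(m)
        print(f"[{v.label:16}] score={v.score:2} from={m.sender}")
        for r in v.reasons:
            print(f"    - {r}")
```

Run the script directly to see each sample message scored with its reasons. The weights deliberately favour the strongest signals from the post (requests for credentials or card details, executable attachments) over the weaker ones (a free webmail sender, urgent wording), so that a legitimate but hurried email from a personal address does not trip the alert on its own, and the `reasons` list gives an analyst the evidence behind the verdict rather than a bare number.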

About Cyble: 

Cyble  is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the dark web. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about  Cyble, visit  https://cyble.com
