Sophisticated Phishing Impersonation Techniques on the Rise

According to a recent report from helpnetsecurity.com, three main areas of cyberattacks are on the rise in 2019: HTTPS encryption in URL-based attacks, spoofed (spear) phishing attempts, and cloud-based attacks focused on publicly hosted, trusted file-sharing services. This data was compiled after 1.3 billion emails were analyzed.

1. HTTPS in URL-Based Attacks Climbed 26%

Q1 2019 saw a 26% quarter-over-quarter increase in malicious URLs using HTTPS, which have overtaken attachment-based cyberattacks. Cybercriminals are taking advantage of the common user perception that HTTPS is a “safer” option to engage on the internet. Accellis’ head of cybersecurity, Tom Fazio, said in a recent How to Spot a Phishing Email webinar:

“Gone are the days of being able to hover over a suspicious link to check for an HTTPS URL, malicious actors have created links that appear to be safe.”

2. Spoofed Phishing Attempts Rose by 17%

A typical spear-phishing email impersonates a well-known contact inside or outside an organization or trusted company to entice a user to click on an embedded link, with the goal of credential or credit card harvesting. During Q1 2019, these types of attacks increased by 17% over the prior quarter.

The most impersonated brand is Microsoft, with almost 30% of all detections, followed by OneDrive, Apple, PayPal, and Amazon. Read our blog on 5 Ways to Recognize Phishing Emails to help you detect these malicious emails.

3. File Sharing Services Exploited to Deliver Phishing Emails

Data analysis of emails has shown an increase in cloud-based attacks in Q1 2019, particularly those leveraging file-sharing services. In these attacks, links to malicious files are posted to trusted file-sharing services such as Dropbox, Google Drive, and OneDrive. Dropbox was the most commonly used. Domain-based Message Authentication, Reporting & Conformance (DMARC) is also a leading technology in stopping attacks such as these, as it guards against domain spoofing.

4. Cybercriminals Focused on Payroll Departments

Cybercriminals have mastered sending spoofed or spear-phishing emails to departments such as accounts payable while posing as high-level management, like a CEO. Over Q1 2019, cybercriminals increased their targeting of payroll departments, with the objective of collecting personal information, such as the bank account details of senior-level management, or diverting an executive’s salary to a third-party account.


Accellis Technology Group specializes in cybersecurity solutions to combat these sophisticated cyberattacks. To learn more, fill out the form below or contact our Director of Cybersecurity, Tom Fazio, at 216.662.3200 ext. 130.
