Top Phishing Trends of 2017
Author: Meagan Ellison
Phishing Trends of 2017
Just because 2017 is coming to an end doesn’t mean that phishers are done too. We recapped the biggest trends in email phishing this year, how to tell the difference between what’s real and what isn’t, and how to protect yourself. Phishing is an attempt to obtain private data such as credit card and bank information through deceptive means. Phishers often masquerade as companies, customer support, or friends on social media. They then use this information to empty bank accounts and plunder private information. As of 2017, phishers are using more sophisticated attempts through email, and it’s important to be educated on how they operate. Listed below are some different types of phishing along with some ways you can protect yourself from attacks.
Phishing emails usually request personal information, requiring you to take ‘immediate action’. They often contain misspelled words, broken English or unprofessional language. Phishers are hoping you will respond to the sense of urgency and provide them with confidential data. Sometimes, these emails will contain attachments containing malware.
Spear phishing is more personalized than regular phishing. Emails are socially engineered for key individuals. Phishers study their subjects and the relationship they have with their company and craft messages based on this information. The emails are made to look legitimate, as if they had come from an executive within the company.
In 2015, spear phishing cost Ubiquiti Networks Inc. $46.7 million. Phishers impersonated executives and sent employees requests to transfer funds via email. The employees responded, authorizing transfers from their accounts to third-party accounts in Hong Kong. Legal action was taken when the incident was discovered. Since then, Ubiquiti Networks has recovered $8.1 million and is still in the process of recovering the remaining $38.6 million.
Spear phishing also makes a mark on social networks. Scammers use chat rooms and other social media platforms to make connections with users and then use those connections to ask for passwords or other info. In 2016, cybersecurity firm ZeroFOX found that 66 percent of social media spear phishing attempts were successful.
Pharming affects companies by hacking their Domain Name System (DNS). Attackers redirect users’ requests away from the legitimate host to a bogus site. This is done by altering the hosts file. An example of pharming is a bank customer clicking a link directing them to a fraudulent bank site. In the case of a successful pharm, the customer will enter their login password and the information is harvested. Pharms are detected through the URL. A fraudulent site’s address will often have one letter or number out of place. This is the key thing to check when a site feels suspicious.
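As an added illustration (not code from the original article), the "one letter or number out of place" check can be automated by comparing a link's hostname with the sites you actually use. The trusted list and sample URLs are constructed placeholders, and `classify` and `osa_distance` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the domains the user really deals with.
TRUSTED = {"examplebank.com", "example.org"}


def osa_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_distance=1):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    parts = urlsplit(url)
    if not parts.netloc:  # bare "bank.com/login" with no scheme
        parts = urlsplit("//" + url)
    host = (parts.hostname or "").rstrip(".")
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    labels = host.split(".")
    for good in sorted(trusted):
        # Compare only as many trailing labels as the trusted name has,
        # so "login.examp1ebank.com" is judged as "examp1ebank.com".
        tail = ".".join(labels[-(good.count(".") + 1):])
        if 0 < osa_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("https://www.examplebank.com/login",   # constructed samples
                   "https://login.examp1ebank.com/",
                   "http://exmaplebank.com",
                   "https://news.example.net/"):
        print(sample, classify(sample))
```

This covers the misspelled-address case only. When the hosts file or DNS answer itself has been altered, the address bar shows the correct name, so a browser certificate warning is the signal to act on.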
Phishers can infect computers through malware containing a combination of viruses and worms. These programs are designed to corrupt computer files and steal private data. One of the most popular subtypes of malware, ransomware, exploits its victims by threatening to publish their data or block access to it unless a ransom is paid.
This year, the ransomware WannaCry launched one of the largest cyberattacks to date. Once WannaCry infects a computer, it scrambles data and locks the user out. If the ransom isn’t paid after a certain amount of time, the files are permanently deleted. Ransoms are usually a few hundred dollars. This attack hit the National Health Service in May, causing irreversible damage. The National Audit Office would later find the attacks to be unsophisticated. WannaCry could have easily been prevented by NHS employees by updating their computers, which shows us how important it is to stay on top of updates!
Protect Yourself from Phishing
While phishing is a problem on the web, never fear! There are many personal measures to secure your computer from hackers and do transactions in peace. Here are some tips for being proactive against phishers.
- Equip your computer with anti-virus, anti-spyware and firewall software. Leaving any one of these unattended creates holes for phishers to worm through.
- Keep your computer updated regularly, leaving no room for viruses that may have adapted to an outdated application.
- Continuously back up your files.
- When doing transactions online, use SSL. An SSL certificate secures data between two machines through encryption and provides an extra layer of security.
Precautionary measures for email phishing:
- Be suspicious of emails asking for financial information
- Double-check any email with an urgent tone. Never react to emotional threats.
- Delete emails with typos and misspelled words
- Be wary of invitations on social media from people you don’t know.
- Do not send confidential information in an email attachment as scammers can easily access this information.
- Check the URL from suspicious emails. A good site to use is VirusTotal.
- Be wary of sites that are not secure. Secure websites will have a URL that says https://, not http://. The ‘s’ is associated with SSL certification. This shows you the sender is legitimate and the email is secure.
- Businesses and individuals can protect themselves from phishing by setting up two-factor authentication (2FA). Gmail uses 2FA by sending a code to your phone via text along with requesting username and password. This has allowed Gmail to stay on top of phishers.
As the internet continues to evolve, phishing attempts will as well. However, if you follow these tips for securing your computer, and stay updated on phishing trends, you are on your way to a secure experience online.