Phishing attacks use increasingly sophisticated techniques bolstered by cutting-edge technology and are increasingly effective at outfoxing all but the most discerning individuals and companies. In this blog post, we provide an in-depth look at the top 10 phishing techniques currently in use, dive into the technical details, and arm you with a set of practical strategies to stop them.
Artificial intelligence (AI) and machine learning (ML) now enable attackers to create highly convincing phishing emails and messages. Natural Language Processing (NLP) lets them learn a target's writing style from past messages and then generate new content in that style. With models trained on large volumes of real communications, attackers can produce emails with contextually relevant language that lack the classic phishing cues (e.g., bad grammar and generic greetings).
Deepfake technology generates ultra-realistic synthetic audio and video. Using generative adversarial networks (GANs), attackers can produce clips in which an impostor's voice or face is rendered as that of a senior executive or co-worker. They can then call remote staff and demand customer details or instruct them to authorize a fraudulent transfer. Deepfakes are often impossible to detect without painstaking scrutiny or independent, third-party verification of the recording's metadata.
In social media phishing, cybercriminals create bogus social media accounts or take over real ones and use them to send messages that open a phishing conversation, solicit personal information, or spread malware such as ransomware. The technique exploits the fact that users tend to trust what their social media friends and acquaintances tell them. Attackers use stolen credentials or social engineering to take over or tailor genuine accounts, which makes the phishing messages sent from them far more convincing.
Smishing stands for SMS phishing, i.e., phishing by text message. Attackers send SMS messages that appear to come from trusted entities such as banks, delivery companies, or government organizations. The messages typically contain links to malicious sites or requests for personal information. The limited screen space of an SMS (which hides the true destination of a link) and the sense of urgency people attach to receiving a text make the medium highly effective for phishing.
Zero-click exploits are among the stealthiest attacks because they abuse a vulnerability in a piece of software to execute malicious code automatically as soon as a message is received and processed, without asking the user for permission and without any other user interaction. They generally rely on vulnerabilities in email clients, messaging apps, or mobile operating systems.
Business email compromise (BEC) attacks involve hacking or spoofing legitimate business email accounts to impersonate senior executives or partners and trick staff into sharing sensitive information or making fraudulent wire payments on behalf of their employers. The AFP adds that attackers combine social engineering with technical tricks to breach business email accounts, which are then used to request fraudulent wire transfers or sensitive company information.
Vishing (voice phishing) attacks target victims directly by phone: callers posing as bank, credit union, government, or tech support representatives use social engineering to trick targets into revealing data or performing actions that enable a compromise. Perpetrators often use voice-over-IP (VoIP) technology to spoof the caller ID so the call appears to originate from the impersonated organization.
Credential harvesting involves social engineering victims into entering their login credentials for email, payment, or corporate accounts. The attacker creates what is called a ‘phish’ (a fake login page mimicking a trusted site) and delivers it to the victim, usually by email, social media, or malvertising; whatever the victim types into the fake form is captured by the attacker.
Ransomware phishing attacks begin with a phishing email that carries a malicious attachment or link. If the victim opens it, the ransomware executes and encrypts the machine’s files, and a ransom is demanded in exchange for restoring them. Social engineering plays a large part in how malicious actors craft emails that persuade the user to open the attachment or click the link.
Supply chain attacks focus on intermediaries such as service providers and other vendors in order to gain access to the networks of larger and sometimes more valuable targets. Examples include inserting malicious code into software updates further down the supply chain or compromising a vendor’s network and using it as a staging point to attack the primary target. The interconnected nature of modern networks amplifies the impact of such a tactic.
One of the best ways to protect organizations from phishing attacks is the use of Cyber Threat Intelligence (CTI). CTI is the process of monitoring and analyzing threat data across various domains, data-sharing registries, and data feeds on the internet in order to identify and mitigate emerging threats and vulnerabilities. It also enables better protection against new and evolving phishing attacks. Because the scenarios in which cybercriminals leverage phishing are constantly changing, CTI helps ensure that security measures are kept up to date.
ThreatMon is a comprehensive threat intelligence solution that helps organizations detect, analyze, and prevent phishing threats, ultimately strengthening their security posture and letting them outsmart cybercriminals before an attack lands.
As phishing attacks continue to change, organizations must stay informed and be on the lookout for the latest developments in phishing. Implementing safeguards and utilizing cyber threat intelligence solutions can better equip them to counter phishing attacks. ThreatMon CTI is a cyber threat intelligence solution that captures and analyzes massive amounts of data about security threats, the most frequently reported threats, botnet activities, and more, in order to help organizations rapidly embrace new technologies and protect critical data.