Home News Phishing is No Longer an Email-Based Threat: Research

Phishing is No Longer an Email-Based Threat: Research

xss vulnerability in UPS, Phishing Attack, spear phishing, phishing mails

Security experts said cybercriminals are customizing their hacking methods to trick consumers. According to the cloud security firm Akamai Technologies, attackers are using enterprise-based development and deployment strategies like Phishing as a Service (PaaS) to target global tech companies.

In its report, 2019 State of the Internet / Security Phishing: Baiting the Hook, Akamai revealed that around 42.63 percent of attacks were targeted on large brands like Microsoft, PayPal, DHL, and Dropbox. Akamai opined that hackers expanded phishing attacks to social media and mobile devices, making it no longer an email-based threat.

The report stated that cybercriminals are targeting global companies and their users with sophisticated phishing kit operations.

“This evolving method continues to morph into different techniques, one of which being business email compromise (BEC) attacks,” Akamai said.

According to the report findings, the IT industry is the primary target for attackers with 6,035 domains and 120 kit variations. The second most-targeted industry is the financial services with 3,658 domains and 83 kit variants. Following that, E-Commerce (with 1,979 domains, 19 kit variants) and Media industry (with 650 domains, 19 kit variants). It’s said that Phishing defenses of the companies forcing hackers to change their attack operations.

“Phishing is a long-term problem that we expect will have adversaries continuously going after consumers and businesses alike until personalized awareness training programs and layered defense techniques are put in place,” said Martin McKeay, Editorial Director of the report.

“As the phishing landscape continues to evolve, more techniques such as BEC attacks will develop, threatening a variety of industries across the globe. The style of phishing attacks is not one size fits all; therefore, companies will need to do due diligence to stay ahead of business-minded criminals looking to abuse their trust,” McKeay concluded.

A similar research from email and data security company Mimecast revealed that there is a significant increase in Business Email Compromise (BEC) attacks. In its report, Email Security Risk Assessment (ESRA), Mimecast stated that emails containing viruses and malware attachments are being delivered to users’ inboxes from incumbent email security systems.

The ESRA highlighted that BEC attacks have increased to 269 percent when compared to the same findings in the last quarter’s report. Mimecast stated that they’ve found 28,783,892 spam emails, 28,808 malware attachments, and 28,726 dangerous file types that are delivered to users’ inboxes.