Phishing sounds like fishing. The only difference is that the bait is replaced by various modes of communication such as emails and phone calls.
But the aim of both practices remains the same—to lure the victim.
Phishing has been one of the most lethal attacks launched by threat actors.
It is the fraudulent practice of tricking someone into giving up confidential information, especially account details or other sensitive data, through malicious emails, text messages or phone calls. A threat actor can pose as a genuine authority such as a bank to get the information, or lure the victim with certain rewards.
This form of attack is becoming more advanced and formidable in order to outwit existing cybersecurity. Luring victims through emails is just one part of the attack. Today’s cybercriminals are sophisticated enough to have other ways to launch it.
That’s why I have outlined some of the latest phishing trends to keep an eye out for in 2020. It will help you fix security loopholes beyond just your email.
The Threat of Phishing Kits:
Most of us must be aware of phishing kits. While they are not the latest attack, they are getting more advanced to simplify the execution of phishing campaigns.
Turnkey phishing kits give both veteran and novice hackers everything they need to reproduce login pages that appear to belong to genuine brands and trick users into giving up account credentials.
Many of the phishing kits leverage URL randomization generators to create multiple URLs to be used in the phishing campaigns so, even if one URL gets blacklisted, the attacker can use other URLs. Owning multiple URLs also helps phishing sites disappear within 24 hours to remove the traces.
HTTPS Won’t Be Safe Any Longer:
The acronym “HTTPS” along with the green padlock in any web address means the website is safe for visitors. Or you can say that it stands for the legitimacy of a website. But what if this sign of security is compromised?
Over the past few years, there has been rapid growth in sites claiming free SSL/TLS certificates. The Anti-Phishing Working Group has claimed that 58% of phishing sites utilize HTTPS. According to one independent study, 60% of phishing attacks take place over HTTPS on mobile devices.
It simply means the green padlock symbol is no longer the sign of a secure site: a free certificate encrypts the connection but does not vouch for whoever runs the site.
The Rise of Punycode:
Punycode converts words with Unicode characters (from Cyrillic, Greek, and Hebrew) into ASCII characters so that computers can handle them. However, this can become a major phishing threat.
To understand this attack better, have a look at the domain name of American Express given below:
Did you see any difference?
See it one more time carefully and you will find that the “i” in American is replaced with the Unicode character ‘í.’
Many people will likely fail to notice such a tiny change. After all, how often do we read the URL word by word?
This Unicode character is easy to miss on the small screens of smartphones.
No wonder 7% of mobile phishing attacks contain Punycode.
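A defender can catch this kind of substitution mechanically instead of by eye. The sketch below is an added example, not code from the original article: it decodes Punycode (`xn--`) labels and flags hostnames that match a protected brand once accents are stripped. The `PROTECTED` list, the function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Constructed allow-list of brand domains to protect (assumption for this example).
PROTECTED = {"americanexpress.com"}

def to_unicode(host):
    """Decode every xn-- (Punycode) label of a hostname back to Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed ACE label: keep it as-is
        labels.append(label)
    return ".".join(labels)

def fold_accents(text):
    """Strip combining marks so an accented Latin letter maps to its base letter."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def classify(host):
    """Return (verdict, detail) for a hostname taken from a link."""
    uni = to_unicode(host)
    if uni.isascii():
        return ("ascii", uni)
    folded = fold_accents(uni)
    if folded in PROTECTED:
        return ("lookalike", folded)  # imitates a protected brand
    return ("idn", uni)  # non-ASCII: worth a review, not necessarily hostile

if __name__ == "__main__":
    # Constructed samples; the xn-- form is computed rather than typed by hand.
    spoof = "amer\u00edcanexpress.com"
    ace = spoof.encode("idna").decode("ascii")
    for host in ("americanexpress.com", spoof, ace, "m\u00fcnchen.de"):
        print(host, "->", classify(host))
```

Accent folding only covers accented Latin letters like the ‘í’ above; a Cyrillic or Greek lookalike falls into the `idn` bucket and needs a confusables table to be matched to a brand.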
Deepfake is a New Phishing Weapon:
Phishing is all about gaining the trust of the victim to scam them into giving up important details. Hackers will use other technologies to make things look authentic and trap the victim. The use of deepfakes is one of them. This technique is used to create fake or altered audio content. For example, a threat actor can replicate the voice of your CEO with an advanced sound system and then use it to ask you to provide account details. In 2019, the Wall Street Journal exposed the incident of a CEO who was manipulated by an AI-generated voice deepfake so that the attackers could get a quarter of a million dollars.
Threat Actors Will Continue to Pose as Big Brands:
The trademark of most phishing attacks is that they pose as legitimate or genuine entities to win the victim’s trust. That’s why phishing attacks use the appearance of big brands as their main ingredient.
The Attacks Will Extend to Other Platforms:
Email has always been a key medium for phishing attacks. But today’s cybercriminals are utilizing other modes of communication as well.
The past few years have seen the use of SMS and social media accounts to execute phishing attacks. SMS phishing attacks are also known as “smishing” and are used to send messages to the phones of potential victims.
Similarly, social media is also becoming the preferred medium among cybercriminals. In 2019, Facebook was the favorite social media platform for phishing attacks with a 176% year-over-year increase in phishing URLs.
These are some key phishing trends to watch out for in 2020. They also require you to fine-tune your cybersecurity strategies to deal with such ever more sophisticated phishing attacks. Apart from safeguarding your emails, you need to reinforce the security of your social media accounts. However, employees are the biggest factor in your cybersecurity. Educate them on cybersecurity so they can identify the attack. What do you think? Please let me know by commenting below!
Author Bio: Ayman Totounji is the CEO of Cynexlink. Cynexlink is a Managed IT service provider company which helps small and mid-sized companies by delivering technology solutions like Cybersecurity Services, Managed IT services and cloud computing. As an IT expert, he loves to write and educate people about cybersecurity, cloud computing and other areas related to Information Technology.