Cybercriminals are now uniformly adapting techniques to spread phishing emails on a larger scale. Recently, several tech companies and government agencies have issued warnings about ongoing phishing attacks laden with malicious attachments and social engineering tactics.
What do the warnings say?
- The Internal Revenue Service (IRS) warned U.S. tax professionals about ongoing phishing attacks trying to steal Electronic Filing Identification Numbers (EFINs) of taxpayers.
- In early-February, Microsoft alerted users about ongoing consent phishing (aka OAuth phishing) attack campaigns focused on remote workers and targeting victims in multiple repeated waves.
- The FBI is alerting businesses to beware of voice phishing attacks looking for login credentials of employees. The criminals are abusing VoIP platforms to launch vishing attacks.
Some stats your way
- Google disclosed that Gmail users located in the United States are the most favorite targets among cybercriminals for email-based phishing and malware attacks, accounting for a whopping 42%.
- According to a report by Vade Secure, cloud services businesses were the most impersonated in 2020 at 33%, followed by financial services at 29%.
- Google stopped 99% of phishing attacks out of one hundred million spam emails including spam, links, and malware. However, attackers always use new ways to bypass protections.
- An SMS phishing camping has been harvesting personal data and credit card information of unsuspecting U.K citizens. The emails are claiming to be sent from a government department.
- Prosecutors in Italy suspended the use of spyware used in WhatsApp phishing attacks.
- In a recent attack, a targeted phishing campaign was using Morse code to hide malicious URLs.
Phishing is a prevalent infection vector among cybercriminals, and they always keep coming up with new tactics to stay ahead in their game. Experts suggest staying extra alert while receiving an email from an unknown sender. In addition, users should always check the address bar to vet the URLs, implement 2FA, and deploy an email gateway solution.