The Shifting Phishing Landscape and Lures

Earlier this year, cybercriminals has began cashing in on the COVID-19 scare. They have been sending phishing emails impersonating healthcare professionals and organizations. However, new phishing lures have emerged now.

What’s going on?

Ongoing phishing email lures have shifted from COVID-19 to job opportunities. Recently, they are sending spear-phishing emails purporting to be from governments about economic incentives to those who have been affected by the pandemic. Moreover, as more businesses reopen, emails based on job offers are being sent to lure in targets.

Latest phishing facts

  • Microsoft topped the list of most-imitated brands for phishing emails, accounting for 19% of all global phishing attempts.
  • A series of massive spear-phishing campaigns against Microsoft Office 365 and Google Cloud is currently ongoing. The tactics employed by attackers have been crafted to provide a false sense of security to the targets.
  • Since August, there has been a huge surge in the number of phishing sites impersonating the Amazon brand. Attackers are tapping into the brand’s annual discount shopping campaign.

Shifting landscape

The only thing that remains unchanged is the fact that malware authors are always on the lookout for new techniques to create maximum damage and evade detection.
  • Threat actors have been taking the advantage of the potential of emails to socially engineer remote workers who are on less-secure devices.
  • Financial firms proved to be a lucrative target for phishing attacks with various banks accounting for 32% of total attempts.
  • The trend of attacking cloud services is expected to continue as a greater number of businesses migrate to the cloud.

The bottom line

The threats witnessed this year are evidence of attackers jumping into any opportunity to gain more revenues. As they expand their attack vectors and geographies, it remains to be seen what other vectors they might use in the remaining months. Experts recommend the cybersecurity industry to work towards diminishing the success rates of phishing emails by advancing their strategies.