Researchers reported an increase of 100 percent of all phishing campaigns done through social media platforms.
Cybercriminals are constantly evolving in both innovation and creativity. They develop each day new methods to trick victims into gaining access to their financial information, PII, and user accounts. A report regarding new phishing techniques can help companies and individual users to stay one step ahead of phishing threats targeting them.
For those who don’t know, phishing is a form of cybersecurity fraud in which the cybercriminal impersonates or hijack the account of a company to trick unsuspecting users into sharing with them. The researchers had analyzed vast volumes of phishing data. Within this data, there is a group of phishing pages that are divided into two major categories: there are those used for highly targeted phishing attacks known as spear phishing, as well as phishing pages used for widespread: generic phishing.
Phishing infrastructure it is also divided into two distinctions: self-maintained custom infrastructure and abused or compromised infrastructure belonging to someone else.
The abused or compromised infrastructure belonging to someone else can be used in devious ways because cybercriminals managed to infect specific entry points with various malware software that later give them the access to the entire infrastructure. Every company must protect its entry points with a cybersecurity solution like an antivirus. Depending on which OS their devices are using, it is necessary the presence of antivirus for Windows or antivirus for Mac in each of them to be safe and secured.
Researchers say that 27,285 uniquely blacklisted phishing domains were observed. These domains are targeting a total of 259 unique brands.
From this 259 brands: 40 percent of phish brands represent financial institutions, 20 percent are impersonating large tech companies, and 20 percent are faking digital transaction providers.
A trend that accounted for 20 percent of the top-ten most phished brands including the overall most-phished brand is the one that is leveraging social media platforms. This is interesting because this single trend has seen an increase of 100 percent in phishing campaigns.
This new trend has multiple explanations of why social media is drawing more attention from cybercriminals. One of them might be due to growth in popularity of economic integrations within social media platforms. Another one might be the possibility of using sensitive information from posts, messages, and profiles to engineering new cyber attacks. Cybercriminals could easily commit fraud by impersonating various top brands. This fake top brands can be used for malware distribution or as a starting point for new phishing campaigns. We advise every user and every company to implement in their systems a robust cybersecurity solution. The presence of a Windows antivirus or a Mac antivirus, depending on which OS your device is running, it is always a must if you want to be safe and secured.
As for the companies we recommend cybersecurity checks that are done by a professional company that would run various tests like penetration test or ethical hacking test on company’s network to reveal and patch its vulnerabilities. Another good cybersecurity measure is using cyber-secured web hosting services if you are a 100% online company.