Why do phishing attacks work? Blame the humans, not the technology
Phishing attacks remain a huge problem and crooks are spending a lot of time and effort to ensure that, for the potential victim, clicking on a bad link is the most intuitive and easiest thing to do.
A common technique used in emails sent by cyber criminals is to claim that the victim needs to click a link or download an attachment as a matter of urgency.
This could claim to be anything from important corporate documents in an enterprise environment to winning a prize.
The messages are designed so that clicking on the phishing link is the easiest thing to do, with the aim of directing the user to a page designed to steal personal information.
Crooks design these phishing pages as part of a plan to make the operation as smooth as possible, with no reason for the user to question if anything is wrong.
"Part of the problem is that phishing signals are often indistinguishable from positive user experience attributes," Troy Hunt, creator of HaveIBeenPwned and digital advisor to Nord Security, said.
"It's easy when you've got a link, because you just click on it and you go straight to the right place and it deep links you through to that potentially fraudulent transaction," he added.
For example, if a user had concerns that a link claiming to be from their bank could be a phishing email, they could choose not to follow the link, but instead open a new window and go to the bank's website to check to see if there really was a message from their account.
By doing this, they avoid the potentially dangerous phishing link. But phishing attacks remain successful because people are still coerced into clicking links.
This suggests that while people say they know how to stay safe online, they'll still fall victim to phishing and other cyberattacks, because cyber criminals are highly capable at using social engineering to coerce victims into doing what they want.
"Humans are ultimately fallible. Unfortunately it's the organic matter behind the keyboard that is often the vulnerable part of the loop," said Hunt.
"We need to have that balance of the education and the training, with the technology to back it up and help us out when things do go wrong," he added.
Organisations can offer training to staff in order to help them identify phishing attacks.