Phishing Attacks Shift to Email Addresses

 
 
By Karen A. Frenkel  |  Posted 04-10-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Phishing Attacks Shift to Email Addresses
    Next

    Phishing Attacks Shift to Email Addresses

    Phishing attacks are exploiting human vulnerabilities and are shifting from user names to email addresses to target organizations' and individuals' assets.
  • Previous
    Phishers Attack Specific Industries
    Next

    Phishers Attack Specific Industries

    Phishing volume grew by 33% across the five most-targeted industries: finance (23%), cloud storage (22.6%), webmail and online services (20.6%), payment services (13.9%) and economic (11%).
  • Previous
    Top Phishing Target Will Change
    Next

    Top Phishing Target Will Change

    Cloud storage sites are expected to replace financial institutions as the top target of phishing attacks this year.
  • Previous
    Email Addresses Replace User Names
    Next

    Email Addresses Replace User Names

    Phishers are exploiting email addresses instead of unique user names to mass harvest credentials. This exposes an exponentially greater number of online services to secondary attacks through credential reuse and other methods.
  • Previous
    Attacks on Government Tax Authorities
    Next

    Attacks on Government Tax Authorities

    Attacks on government tax authorities grew by 300%. More IRS phishing attacks occurred in January 2016 than in all of 2015.
  • Previous
    Global Events Affected Phishing
    Next

    Global Events Affected Phishing

    Phishing volume peaked in mid-2016, and there was a spike in virtual Web server compromises because of major global events, such as Brexit.
  • Previous
    U.S. Phishing Attacks Are Growing
    Next

    U.S. Phishing Attacks Are Growing

    The United States' share of attacks is growing and currently accounts for more than 81% of all phishing attacks.
  • Previous
    Phishing Sites Are Hosted In Eastern Europe
    Next

    Phishing Sites Are Hosted In Eastern Europe

    59% of phishing sites were hosted in the United States last year, but there also was a very significant increase in the number of phishing sites hosted in Eastern Europe.
  • Previous
    Canada Is Hardest Hit
    Next

    Canada Is Hardest Hit

    Canada suffered more than any other country, as attacks on institutions grew 237% in 2016.
  • Previous
    Generic TLDs Gain in Popularity
    Next

    Generic TLDs Gain in Popularity

    .Com Top-Level Domains (TLDs) were associated with more than half of all phishing sites last year, but generic TLDs are becoming more popular because they are low cost and can be used to create convincing phishing domains.
  • Previous
    Anti-Detection Techniques Are Used the Most
    Next

    Anti-Detection Techniques Are Used the Most

    The researchers collected 29,000 phishing kits targeting more than 300 organizations in 2016. One-third of these kits used anti-detection techniques, 22% used mechanisms to restrict access and 29% used techniques to evade browser-based blocking.
  • Previous
    Ransomware Focuses on Likely Payers
    Next

    Ransomware Focuses on Likely Payers

    Ransomware attacks are now targeting organizations that are most likely to pay, such as those in health care, government, critical infrastructure, education and small businesses.
 

The phishing landscape has undergone a major shift that's affecting what is being attacked, targeting email addresses rather than user names, according to a new report. This news was reported in the "2017 Phishing Trends and Intelligence Report" by Joseph Opacki and Crane Hassold, both formerly with the FBI and now with PhishLabs. Exploiting human vulnerabilities continues to be the most attractive and successful path for targeting organizations' and individuals' assets, the report said. "Phishing was and continues to be, by a wide margin, the most prolific method used to distribute ransomware. Fighting back against ransomware requires fighting back against phishing," the authors said. Last year, they analyzed 1 million confirmed malicious phishing sites that resided in 170,000 unique domains. They also investigated and mitigated 7,800 phishing attacks every month by identifying the underlying infrastructure used and then shutting them down. They also analyzed thousands of unique malware samples from 100 ransomware variants in 20 banking Trojan families. Key findings of the report follow.

 
 
 
 
 

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register