Phishing Attacks Shift to Email Addresses
Phishing attacks are exploiting human vulnerabilities and are shifting from user names to email addresses to target organizations’ and individuals’ assets.
Phishing volume grew by 33% across the five most-targeted industries: finance (23%), cloud storage (22.6%), webmail and online services (20.6%), payment services (13.9%) and economic (11%).
Cloud storage sites are expected to replace financial institutions as the top target of phishing attacks this year.
Phishers are exploiting email addresses instead of unique user names to mass-harvest credentials. This exposes an exponentially greater number of online services to secondary attacks through credential reuse and other methods.
Attacks on government tax authorities grew by 300%. More IRS phishing attacks occurred in January 2016 than in all of 2015.
Phishing volume peaked in mid-2016, and there was a spike in virtual Web server compromises because of major global events, such as Brexit.
The United States’ share of attacks is growing and currently accounts for more than 81% of all phishing attacks.
59% of phishing sites were hosted in the United States last year, but there also was a very significant increase in the number of phishing sites hosted in Eastern Europe.
Canada suffered more than any other country, as attacks on institutions grew 237% in 2016.
.com top-level domains (TLDs) were associated with more than half of all phishing sites last year, but generic TLDs are becoming more popular because they are low cost and can be used to create convincing phishing domains.
The researchers collected 29,000 phishing kits targeting more than 300 organizations in 2016. One-third of these kits used anti-detection techniques, 22% used mechanisms to restrict access and 29% used techniques to evade browser-based blocking.
Ransomware attacks are now targeting organizations that are most likely to pay, such as those in health care, government, critical infrastructure, education and small businesses.