Cybersecurity Cloud & Data

Phishing with a twist: Cybercriminals are upping the con game with innovation

Some tips on how to avoid the phishing trap

Identity deception is on the rise, with 39.6 million detected threats between May 2022 and May 2023, says a report. Attackers primarily impersonate the brands and entities we trust and rely on. In the majority (60.1%) of cases, attackers pose as one of just 25 organizations, including Microsoft, Google, Salesforce and Amazon.

In August, last year, Microsoft researchers told Reuters that a Russian government-linked hacking group had targeted dozens of global organizations with the goal of stealing login credentials by engaging users in Microsoft Teams chats pretending to be from technical support.

Read more: 2023 cybercriminals added variety & speed to attack vectors

In July, a Palo Alto Networks blog post revealed findings from its investigation into Cloaked Ursa, Russia’s Foreign Intelligence Service Hackers. The post discusses two cases that show how emboldened attackers are, one where a fake flyer was used to dupe diplomats in Ukraine, and another where the group likely used the Turkish Government’s guidelines on the recent earthquake as a phishing lure. 

Anil Valluri, MD and VP, India and SAARC, Palo Alto Networks, said, “These activities are evidence that malicious groups will look to benefit from adverse political events and natural disasters while exploiting people’s innate desire to help. By targeting persons of interest and those within embassies, state-sponsored attackers gain access to sensitive and critical data.

These activities are evidence that malicious groups will look to benefit from adverse political events and natural disasters while exploiting people’s innate desire to help. By targeting persons of interest and those within embassies, state-sponsored attackers gain access to sensitive and critical data

Anil Valluri, MD and VP, India and SAARC, Palo Alto Networks

“Having robust endpoint security is essential since these threats make their way on to the network via insecure end-user devices. Active attack surface management ensures complete visibility of assets and risks across endpoints, networks, and clouds. Organisations must adopt a Zero Trust approach which creates multiple layers of security to slow down attackers while lowering the risk of lateral movement between networks.” 

According to a Cloudflare report, attackers use links as the number one deception tactic, comprising 35.6% of threats, and they’re getting more creative about how they get you to click on bad links. Email authentication doesn’t stop attackers from succeeding. The majority (89%) of unwanted messages passed email authentication methods.

Tips to Avoid Phishing

Cloudflare advices the following to avoid falling into the phishing trap.

Double check the source. Be sure to carefully check email addresses (sometimes they can be misspelled or off by a letter when someone is trying to pose as one of your contacts). If you’re traveling, this could look like an itinerary update from an airline or a travel agency.

Beware the link. Malicious links are the #1 threat category, comprising 35.6% of detected threats. Without clicking on a link, look at the URL. Oftentimes, exploiters will create bad links that look mostly like real ones – save for minor differences. If you can spot even the tiniest difference, it’s safe to say it’s a phishing email.

Question the sender. Identity deception threats are on the rise — increasing year-over-year from 10.3% to 14.2% (39.6 million) of total detections. If you get a bizarre email from someone claiming to be your manager at your new job, or a friend with a new email, you’re right to question it.

Read more: Experts predict India in for cybersecurity woes in 2024

Don’t put blind trust in familiar brands. Downtime or planning upcoming travel might mean more time spent online. If your bank emails you asking for personal information, don’t assume it’s real. Between 2022 and 2023, Cloudflare saw attackers pose as more than 1,000 different organizations in over 1 billion brand impersonation attempts (and most of the time, these are well-known brands like Mastercard, Visa and Bank of America). Just because it claims to be from a source you know, doesn’t mean it’s legitimate.

When in doubt, call the vendor it claims to be from. If something feels off, trust your gut and call the vendor to verify its legitimacy.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Disrupting Fintech: How product studios are transforming financial services

In the rapidly evolving financial technology landscape, innovative product studios are emerging as powerful catalysts…

2 days ago

Harnessing the power of AI: Preparing today’s workforce for tomorrow’s challenges

In an era defined by rapid technological advancement, Artificial Intelligence (AI) stands as a transformative…

2 days ago

Indian esports makes history at BRICS Esports Championship in Moscow

In a historic moment for Indian esports, Wasfi “YoshiKiller” Bilal secured a silver medal at…

3 days ago

Geek Appeal: New gadgets & apps on the block

The Tech Panda takes a look at recently launched gadgets & apps in the market.…

3 days ago

Ecosystem harkat: India’s Biotech & space tech, early stage tech startups & women entrepreneurs in blockchain

The Tech Panda takes a look at what’s buzzing in the startup ecosystem. The startup…

3 days ago

Harris vs. Trump: Forecasting Bitcoin’s Future in a Post-Election Economy

With just days until the outcome of the U.S. presidential race, Bitcoin enthusiasts across the…

4 days ago