6 Impactful 2017 Email Phishing Campaigns, so far
Think before you click. Phishing attacks are on the rise, and it’s a hot topic this year in the information security industry. Cyber criminals just don’t give up. They don’t only not give up, but they’re becoming more sophisticated in their approach. Phishing emails are becoming craftier and more realistic. Even the trained employees find it hard to recognize such campaigns, and they have to triple-think before clicking that link.
These criminals are agile. They’re developing more authentic looking emails, creating emails with business logos and researching authentically used copy from the business itself.
Through email phishing campaigns, malicious criminals can attempt to gain several forms of personal information. They seek to exploit contact and financial information. The most sought after information includes email addresses, phone numbers and banking information.
Criminals ‘piggyback’ on businesses that have easy access to credit card information and basic contact information. For them, this is an information treasure chest. They can easily duplicate processes that businesses use in their standard operations, such as email/username logins, and attack business customers.
The year 2016 saw a major increase in phishing attacks in reference to internet-based service providers. These providers include businesses like DropBox and Gmail. Last year witnessed a 24.35% in effective phishing attacks towards internet service providers. These seems to be the easiest and fastest service businesses that cyber criminals can easily scheme. Let’s take a look at 6 impactful phishing attacks.
Raise your hand if you’re a regular DropBox user. If you did, you need to be aware that DropBox is frequently being used in sophisticated phishing attacks. These attacks are often after your precious passwords and usernames. A malicious attacker will attempt to steal your password by sending a fake file sharing request. Either you give information away when the email asks you to re-enter information, or you download an attached ransomware virus attached to the email. Ouch. That would hurt.
The mighty business Google is even prone to phishing attacks, and a recent attack affected as many as 0.1% of Gmail users. Is that a small number? Nope. That translates to about 1 billion affected users worldwide. Double ouch.
As we write this blog post, the Gmail phishing campaign continues to be talked about heavily. This attack was implemented by asking Gmail users to view an attached “Google Docs” file. By clicking the link, it took them to a very real-looking Google security page that prompted them to give permission to the fake app, thus giving access to the cyber criminal. From here, the criminal had access to all the affected users’ contacts. This nasty phishing campaign affected many businesses, and was particularly effective with its perfect-looking Google landing page.
The very popular digital signature service has been hit by a major phishing campaign. Docusign, the owner of eSignature, was hit when hackers stole customer email addresses in May. The hackers were able to access this information through a secondary system that the company uses to send service-related announcements.
US Securities and Exchange Commission
Government agencies are becoming a top target for spear phishing campaigns. Spear phishing aims to exploit executives and individuals with organizational power. These types of campaigns are usually highly targeted to a specific individual by using a name in the email copy. In this incident, the Security and Exchange Commission reported spoofed emails targeted at lawyers, compliance managers, and other company officials who file documents with the SEC. Once the individuals were ‘spoofed’, the attackers were granted access to internal corporate networks.
Beware. This phishing campaign involves stolen credit card information and personal details. Cyber criminals organized an elaborate phishing campaign that asked Netflix members to update their membership details. Once entering the credit card and personal information, the user was redirected to the actual Netflix homepage, making the process of detecting the phishing scheme much harder. Be care and don’t click that link.
Bank of France
What’s worse than losing your hard-earned money? The Bank of France was victim of a phishing campaign that involved cyber criminals sending out emails indicating,
“Fake bills, reports of bank accounts being frozen and granted loans in an attempt to trick customers into handing over account numbers and other sensitive data.”
Hackers operating the campaign craftily used the company logo and name to ruse the receivers into believing the email was legitimate. Once the email was clicked, victims were redirected to a website to enter bank details and download malicious files.
Phishing campaigns continue to be a dangerous cyber weapon used by malicious criminals. No business big or small is immune to its reach, meaning now is the time for you to develop a cyber security plan and train employees to spot phishing campaigns.