Phishing itself is slowly decreasing in its overall amount, though the various methods used are getting more and more clever. Instead of spamming general phishing attempts out to everyone, attackers are using more targeted campaigns, though slightly less targeted than a spear-phishing campaign. They’re becoming infinitely more sophisticated. There are always multiple methods, and variations thereof, used to gather sensitive information surreptitiously. Phishing is no longer the strange, slightly funny cousin we all may laugh with; instead it is evolving as much as security researchers constantly improve their methods of detecting and protecting against phishing. But still, phishing is ever on the rise with more campaigns; nearly 1 in 1846 emails seems to be one of those well-crafted attempts, down from 1 in 392 emails in 2013. It’s still a problem, and likely even more so despite the decline in the overall amount of phishing attempts.
Sophisticated phishing uses better lines
One such phishing attack that seems to be widespread is targeting users of the Washington DC DMV system. It seems that the organizer of the scam, who has yet to be identified, is sending out past-due notices regarding parking violations. The parking violations being referred to may or may not actually exist, though the chance of someone actually being worried about those violations could be significant enough to warrant the risk of exposure and failure. This seems to be a somewhat common tactic among the phishing community: using the fear of legal repercussions, and fear itself, to attempt to persuade individuals to erroneously visit their faux website and enter payment details. It’s startlingly easy to copy the login page of nearly anything, and to get the majority of the details right. There are dead giveaways, though, one of the more obvious being the
Another rather significant phishing attack began taking place specifically in the US at the end of September. On the 30th of that month Cigna, a health insurance company, warned its customers that fake job offers and job postings had been created in an attempt to elicit personal information from prospective employees. This attempt may be more effective because it’s being conducted in an economy that’s still recovering from a recession, with a jobless rate that could very well produce quite a few interested parties. Unfortunately, Cigna doesn’t know the identity of the individuals behind the campaign, as is generally the case; it’s somewhat easy to hide if you’re skilled enough. Job applicant phishing is certainly not new, either, and is a tactic that’s been used since before the Internet was as widespread. Attackers make fake job application web pages and obfuscate the actual IP address and other information in an attempt to lure potential victims to them. It just seems to be taken advantage of more while the economy is still in a state of rebound.
Students are certainly also at risk due to the rising cost of education. In the UK there has recently been a phony educational grant phishing attempt targeted specifically at students, though not at those of any particular school or area within the UK. This particular attack, having just been noticed on the 20th of September, is very much reminiscent of earlier attacks that have happened all around the world targeting the same demographic. As in nearly all phishing scams, the emails had links to artfully crafted landing pages asking for personal information and banking information in order to steal from their intended victims. Thus far there’s no mention as to who the attacker, or attackers, are. They remain outside the immediate reach of law enforcement.
Phishing seems to be one activity that will never truly end. No matter how sophisticated the means and methods we develop to curb those attempts, the phisher will evolve too, with their own techniques. And though email remains the most common way to connect with their prey, the Internet itself is evolving with new ways to connect, which will likely become avenues for phishers as well. Phishing will never go away. It’ll just keep evolving and eventually become antibacterial resistant.
So what does one do? Despite the concentrated and clever attempts, staying safe is still relatively simple and just takes paying close attention when reading through your email. Don’t click on links in emails that you aren’t expecting. Think before you click, and make sure the issue at hand is something that you yourself initiated. And always look closely at who those emails are actually from. If it’s from a business, it’ll probably be from an appropriate domain and not some randomly set up email address created specifically for sending these attempts. And the last thing is to always report those attempts, to your email provider or the company you work for. It’s relatively easy, but anyone can slip up depending on just how well written and convincing a particular attempt happens to be. Phishers are getting pretty good these days, so browse safe.