
How to spot the latest phishing scams | Guide | Chapter II: Real examples & Cybersecurity dynamics

Written by Penta | Jul 21, 2020 1:28:00 PM

The threat among us. It is extremely difficult to estimate how many scams are circulating worldwide at any given moment, as highlighted in the first chapter of our Phishing Guide. Because scams are cheap to multiply and easy to spread both online and offline, the “scams” industry will never go away. But this doesn’t mean you can’t get ready to face phishing scams. Test your knowledge and learn tricks from top cybersecurity specialists in our 3-minute quiz.

So far, the most commonly used phishing attacks combine one or more scamming tactics, usually finely tuned to the context and to the victims they target. Take a look at some of the most important cyber-threats highlighted by Penta’s experts in 2020:

Cybersecurity specialists discovered a vulnerability in Apple’s native Mail app. The flaws could allow remote hackers to secretly take complete control of the victim’s device. The attack works by sending a malicious email to any user who is logged in to the vulnerable mail app; the attackers then delete the malicious email afterward, making the attack impossible to find. Fortunately, the vulnerability has been patched in the latest software update.

In Switzerland, a phishing scam impersonating PayPal has gained a lot of attention. The SMS that was sent out targeted people who usually receive funds through PayPal, but the details of the message raised questions among connoisseurs: the link specified in the SMS ended with the hostname section “000webhostapp”, and the text message was signed “no-sms.eu”.

When trying to spot scams, the first thing to do is verify the authenticity of the URLs and ask yourself what the purpose of the message is.

The third phishing attempt discovered was impersonating FedEx. Hackers sent out an email with a link supposedly for tracking parcels online. If you are waiting for a delivery, it’s better to go directly to the shipping company’s website and track your package there. To make sure the email is legitimate, hover the mouse over the link provided in the email and check whether it is really hosted by FedEx.

Global crisis vs. hackers – implications of the pandemic outbreak for cyber-attacks

During the COVID pandemic, cyber-attacks have increased tremendously. Even if times like these make it difficult for businesses to move forward, it is important for leaders to turn their challenges into competitive advantages. That’s what hackers do: they benefit from the general public’s uncertainty and need for information, which creates the perfect scenario for spreading phishing baits.

Driven by impulse, most targeted victims will readily click an untrusted link or download files, hoping to get the information they’re looking for. Take a look at some examples of the phishing emails that have been active since the COVID outbreak:

The ZOOM conference phishing scheme works by sending employees an email asking them to join a conference in which their contract termination is to be discussed. By clicking the “join the meeting” button in the email, users were redirected to a cloned Zoom website in order to log in. The hackers specifically asked for the “email address password”, not the Zoom account password: once they had the email credentials, they could easily reset the other accounts connected to that address. After filling in the information, users ended up redirected to a genuine but only vaguely relevant Zoom help page, as though something had gone wrong. At that point, the hackers had already compromised their victims’ accounts.

In recent weeks, a flight refund scam has been added to the coronavirus-related online crimes. The scam relies on the current uncertainty about refunds for flights cancelled due to the global lockdown.

It works by offering a fake refund form. Victims are encouraged to enter their names and credit card details. Once entered, their personal and financial data is sent directly to the criminals or sold on the dark web.

Ever since the global pandemic outbreak, Google has reported that it is blocking millions of phishing attacks targeting Gmail accounts. Most of these cyberattacks exploit a sense of urgency, fear, or financial incentives to trick victims into sharing their personal data on unsafe web pages. Examples include, but are not limited to, impersonating government organizations such as the WHO, fake offers capitalizing on government stimulus packages, and spear-phishing messages targeted at remote workers.

Global cybersecurity dynamics during COVID

Security Boulevard gathered a comprehensive list of global statistics on widespread phishing attacks, the tactics used, and their impact on businesses and individuals.

Before the pandemic, in 2019, nearly one-third of all data breaches involved phishing. Even though companies are working on filtering scam emails, nine out of ten verified phishing emails found their way past defense systems; those scams were discovered in environments protected by secure email gateways. Nearly 90% of companies dealt with spear-phishing attacks in 2019, and 86% of survey respondents were victims of business email compromise cyberattacks.

Due to the COVID pandemic, cybercrimes are on an upward trend. In one week, Google blocked more than 18 million COVID-19 phishing emails and over 240 million COVID-related email spam messages daily. Since the beginning of the outbreak, 51,000 COVID-related website domains have been globally registered. Between April 6-17, almost 95% of Coronavirus-related cyber attacks were phishing scams. 

Overall, individuals play an important part in phishing scams: 49% of data breaches happened as a result of human error and system glitches. More than that, nearly 38% of users who don’t attend cyber training fail phishing tests. The average cost of a data breach caused by human error was $3.5 million, more than the average cost of system glitches, estimated at $3.24 million, and less than the $4.45 million average cost of malicious and criminal attacks.

Security is a strategy, not a product. And the best strategies start with an extensive learning phase. Discover how phishing scams work and the types of scams that might target you or the company you work for in the education chapter.

Make sure your company’s assets are protected and your working habits are safe from cyberthreats. Action steps mapped out for businesses, employees and IT departments will help you build a tailored cybersecurity strategy. All about it, and more, in the final chapter of the Phishing Guide.