Major Phishing Attacks that have Terrorized the World & Countermeasures

Phishing is a fraudulent attempt to steal a user's sensitive and confidential data by means of email. With an increase in the number of internet users, cybercriminals have the scope to target more and more users. The number of phishing sites reported is declining since it is becoming harder to detect phishing sites. Here are some of the biggest cases in the year 2018, proving that attackers are becoming smarter and faster.

PHISHING ATTACKS THAT HAVE TERRORIZED THE WORLD

1. FAKE EMAILS REGARDING GDPR PRIVACY POLICY

As per the GDPR guidelines, companies were supposed to send notifications regarding privacy policy to their customers. Attackers were aware of this and used this information to fool people.

2. AIRBNB

In one of the cases, security firm Redscan found that the attacker impersonated Airbnb and sent emails asking users to update their privacy policy.

3. FREE WORLD CUP TICKETS

In June 2018, people started receiving emails that promised them free tickets for the World Cup in Moscow. The email went so viral that the FTC (Federal Trade Commission) had to issue an advisory, asking people not to believe such emails.

4. PHISHING THE TAX PROFESSIONALS

Once the tax season ended, scammers pretended to be people from state accounting associations and used forgery to extract tax professionals’ sensitive information from the IRA’s website.

5. VACATION RENTAL SCAMS

In the year 2018, attackers started manipulating people with rental offers around the Fourth of July. Scammers targeted landlords who had put their houses on the listing and, after hacking their email accounts, replaced the listed email address with their own. A number of people fell for the lower prices quoted by the attackers.

6. DETAILS OF 6.8 MILLION CUSTOMERS LEAKED

Elliot Alderson, a French cyber security researcher, claimed that in a major attack on the website of a gas company, Indane, personal information of approximately 6.8 million customers was estimated to be compromised.

7. DATA THEFT FROM FACEBOOK USERS

According to Facebook, attackers successfully stole data and information of approximately 30 million Facebook users.

PHISHING ATTACKS IN INDIA

  • Phishing attacks in India accounted for around 26% of the total attacks taking place in the country.
  • As per the industry’s data analyzed by ThreatCop, a phishing simulation and awareness tool, phishing attacks grew by more than 60% in the year 2018.

After comparing the above three attack vectors, it has been found out that the most prevalent attack between the three is the Phishing attack.

Phishing attacks are prevalent all over the country amongst other forms of cyber-attacks.
  • On a subregion level, it has been discovered that Jammu and Kashmir is the attackers’ favourite when it comes to targeting a region with phishing attacks. Approximately 80% of the attacks in the region are phishing attacks.
  • Meghalaya was found to be least affected by phishing attacks, accounting for 100% of all the cyber-attacks.

PHISHING ATTACKS WORLD WIDE

On a worldwide scale, Phishing attacks still top the list.
  • According to the FBI, there was a 60% increase in the phishing emails that were aimed at stealing tax data or money. The FBI has also revealed that business email compromise cost almost up to 50 percent of the total loss, which was estimated to be around $1.4 billion.
  • Researchers at Kaspersky Lab have stated that c An estimated 18.32% of the users were attacked.
  • During the year 2018, more and more phishing sites used top-level domain or TLD.
  • The maximum number of domain registrations for phishing sites was done through GoDaddy in the first quarter of 2018.
  • 54% of the companies had experienced one or more attacks that compromised their IT infrastructure and data.
  • According to a news report, India ranked 3rd in being vulnerable to phishing attacks all over the world.
  • It has also been discovered that India comes second to U.S. when we talk about top hosting countries for such attacks. Canada, U.S. and the Netherlands are the most targeted countries after India.
  • According to the RSA Quarterly Fraud Report published by global digital security provider RSA Security, in the third quarter of the year 2018 phishing scams accounted for around 50% of the total 38,196 frauds. The third quarter saw an approximately 70% increase in phishing attacks in comparison with the previous quarter.
  • There was an approximate increase of 27% in the frauds because of the malicious mobile applications.
  • There was an 8% increase in the number of credit cards that were compromised when compared with the last quarter that resulted in the number reaching approximately 5.5 million.
  • According to research, phishing cases that involved HTTPS increased during the year 2018.

INDUSTRY WISE STATISTICS FOR PHISHING ATTACKS

According to a survey, it was discovered that Insurance sector is the most targeted with the percentage of attacks coming out to be around 32.66% while government sectors were hit with almost 25% of the attacks. The other industries that have been most prone to phishing attacks during the year 2018 are Manufacturing, Technology, Retail, Energy, Healthcare, Other Industries, Businesses as well as Financial Services.

FUTURE PREDICTIONS

  • The term Artificial Intelligence was coined in the year 1956. However, this term has found its practical meaning only in the recent years. Experts have predicted that attackers will not only focus on targeting AI based systems in the coming years but also, will incorporate artificial intelligence techniques in their attacks.
  • Since manufacturers focus on providing features in IoT devices rather than securing them just for the sake of cost cutting, it is estimated that attackers will direct more and more attacks on these devices.
  • The world has been accustomed to 4G network infrastructure and is now moving towards 5G network infrastructure. 5G IoT devices will dominate the market and will soon be on the attackers’ hit list.
  • Perpetrators will target their attacks on home-based Wi-Fi routers.
  • One of the most commonly targeted areas of the industry is the software supply chain. It is estimated that in the years to come, the number of attacks will only increase.
  • With the help of information and data gathered by ThreatCop, one can safely say that in the coming times, attackers will deploy attacks that are more sophisticated in nature and industry specific.

REASONS FOR THE PREVALENCE OF PHISHING ATTACKS

1. Lack of awareness

Phishing is the most common and prevalent type of cyber-attack all over the world since, according to a survey by McAfee done on 19,000 people, approximately 97% of the people are unable to identify such attempts.

2. Unwillingness to take preventive measures

Humans have always been lazy in nature. They tend to avoid any activity that involves a bit of work. This is reflected when it comes to taking safety measures for securing data present online. Unfortunately, attackers are aware of this psychology and use it to trick ignorant users.

3. Attackers are four steps ahead of you

Unfortunately, attackers are smarter than most people. They understand the way the world works and plan ahead of time. Realizing the latest trends, mood and demands of the general public, they are able to build up attacks that can easily fool people.

PREVENTIVE MEASURES AGAINST PHISHING ATTACKS

  1. Be cautious: Always make sure that you take a minute to look at the email. Email services usually detect emails that seem malicious and these generally end up in your spam folder. However, many times these emails go undetected. Therefore, it is important to go through all the details of an email. Red flags that one should keep in mind include the sender ID, the relevance of the message of the email, the URLs of the links in the body of the email and any random attachments.
  2. Verifying the site security: Even if you unknowingly click on the link present in the email, take a careful look at the landing page. Check whether the site has been secured with HTTPS or not.
  3. Update your browser: There are many security patches available in the market that help you secure any loopholes attackers might be able to exploit.
  4. Do not click on those pop-ups: Be careful while clicking on those pop-ups since these have the ability to imitate legitimate and genuine components of an actual website.
  5. Avoid giving out personal details: Ensure that your personal information does not fall into the hands of malicious entities; put your personal details out there only after doing a double check.
  6. Be ready: Phishing simulation and awareness tools come in extremely handy to combat such sophisticated phishing attacks. These tools help you understand the modus operandi of the attacks deployed by attackers in a simulated environment. Once the simulated attack is over, knowledge is imparted by means of case studies, advisories, newsletters, informative videos and infographics.

Keep your eyes and ears open: It is important to keep yourself up to date with the latest attacks taking place in the cyber world. As our elders say ‘prevention is better than cure’.
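
The red flags listed under "Be cautious" (sender ID, link URLs, attachments) can be checked mechanically. The sketch below is an added example, not part of the original article; the function names, the placeholder domains and the attachment extension list are assumptions. The constructed message also shows why the HTTPS check alone does not clear a link: its link is HTTPS but resolves to a host outside the expected domain.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".js", ".docm", ".html")  # assumed watch list

class Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    # Exact match or true subdomain; "brand.example.evil.test" does not pass.
    return host == domain or host.endswith("." + domain)

def red_flags(msg, expected_domain):
    """Return red flags for a message claiming to come from expected_domain."""
    flags = []
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not in_domain(sender, expected_domain):
        flags.append(f"sender domain: {sender}")
    body = msg.get_body(preferencelist=("html",))
    parser = Links()
    if body is not None:
        parser.feed(body.get_content())
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if not in_domain(host, expected_domain):  # HTTPS does not clear it
            flags.append(f"link host: {host}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append(f"attachment: {name}")
    return flags

def sample_message():
    """Constructed phishing-style message; all domains are placeholders."""
    msg = EmailMessage()
    msg["From"] = "Rentals Support <support@rentals-privacy.test>"
    msg["Subject"] = "Update your privacy policy settings"
    msg.set_content("Please review the updated policy.")
    msg.add_alternative(
        '<p>Review it at <a href="https://rentals.example.account-update.test/login">'
        "https://rentals.example/privacy</a></p>", subtype="html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Policy.docm")
    return msg
```

Calling `red_flags(sample_message(), "rentals.example")` returns one flag each for the sender domain, the link host and the attachment.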