What are phishing attacks?
In a phishing attack, a cybercriminal tries to impersonate a person, a business or a government organization in emails, calls, texts and other forms of communication. The goal of phishing is to obtain access to your personal information, bank account and credit card details, passwords, logins and more. Even though these attacks have been around for a very long time, each year they are getting more and more sophisticated. Here are the latest trends in phishing attacks:
Phishing attack trends of 2019
- Mobile phone phishing – in recent months, a significant number of phishing attacks were carried out through texts and phone calls.
- Geographically-specific phishing – when setting up their attacks, hackers use targeting features just like ad publishers to make their attacks viewable only in specific geographical regions.
- Using HTTPS encryption – most legitimate websites have switched to HTTPS encryption on their websites for better cybersecurity protection, and hackers are not falling behind – many phishing websites have also started using HTTPS encryption.
- Multiple folders – the longer a user stays on the phishing website, the higher the chance that this user will fall for the scam. For this reason, phishing hackers have started to use lots of folders on their websites to keep people active on the website longer.
Popular types of phishing attacks
In addition to coming up with new ways to improve their phishing attacks, hackers have continued to use old and proven methods of phishing. Some of these include the use of messaging apps to spread malware to other users’ devices. For instance, it is common for hackers to post a survey and ask people to forward it to 10 friends to be eligible for the prize. The link to the survey then spreads malware to those users. Hackers also often use social media websites like Facebook or Instagram to spread links to phishing websites or sites that secretly install malware to the user’s computer. Lastly, hackers often use fake sub-domains to pretend to be real websites. For instance, a recent phishing scam used a mobile-only subdomain to impersonate the website of a large airline. The domain was only viewable on mobile devices, so browser users were easily tricked into believing that they are using a real website.