If the past year has shown us anything, it is that the digital threat landscape is constantly adapting to world events and circumstances. The pandemic has provided a lot of opportunity for bad actors to take advantage of fear and paranoia in society. Phishing via high-risk URL’s and spam emails remains one of the most widely used attack vectors. Here, I’ll be highlighting key parts of our recently published Webroot Brightcloud Threat Report to illustrate what’s changing in the world of phishing.
Over the past year, the vast majority of malicious emails we’ve seen have used COVID-related language to entice recipients to click. By pretending to be from official organizations like the CDC and WHO, architects of these emails tricked people into downloading malware. Those running these campaigns are deliberately harnessing fear and uncertainty to achieve their malicious ends.
This fear-based strategy is nothing new – world-changing events have been used as backdrops for malware campaigns in the past. However, these threat actors have been hard at work to make sure that their fronts are increasingly convincing. Good grammar, legitimate-looking email addresses and a growing knowledge of people’s clicking habits have contributed to a notable increase in malware infections.
One of the interesting developments that we’ve noticed are the types of services being mimicked in phishing attempts. As people have been stuck inside for the past year, our online shopping and streaming time has skyrocketed. Consequently, the number of phishing URLs mimicking services like Netflix, Youtube and Twitch has gone up dramatically:
Remember when it was impossible to get medical masks and cleaning materials at the beginning of 2020? Well, scalpers acquired huge amounts of profit by re-selling products like N95 masks and Lysol on eBay. People flocked to the website to stock up on these hard-to-find products. What happened next? Spoiler alert: malware teams quickly took notice and capitalized on the increased traffic. eBay became the most prevalent phishing target in 2020, while in 2019 it didn’t even make our top 10 list!
This is a perfect reflection of how nimble and adaptive threat actors have become. They keep an incredibly close eye on internet traffic and societal habits. It makes sense for them to go phishing in the water that will yield the largest catch, right? When people start relying on a website like eBay to acquire necessities, they become prime targets for these massive phishing campaigns. Some of the common methods used to send people to phishing websites are:
- Running Google ads for a fake website that show up at the top of the search results for those without adblockers
- Sending e-mails out to known account holders with requests like:
- Your account has been compromised! Please log in to change your password now
- Your package is on its way. Click here for tracking information
It’s important to be aware of these tactics so as not to become a victim.
We have learned a lot this year about how threat actors develop their tactics to match popular trends. They are professionals at sensing and capitalizing on widespread fear and trends. Unfortunately, the pandemic provided them with a ton of ammo for their threat arsenal.
Phishing remains one of the easiest and most cost-effective ways to distribute malware and steal personal information. Moving forward, it’s vital we all do our part to inform and educate users on how to mitigate these attacks. Bookmark regularly used links, create unique passwords for each service and keep your antivirus solution up to date.
I’d love to hear from the community about their experiences with phishing. Have you ever been a victim of phishing? Ever had a close all? Tell us about your experiences in the comments below!
🤯