Beware, your login details are being targeted more than ever - here’s what to look out for

Phishing scams are constantly changing tactics - here’s how to stay ahead of the curve


Research from Cofense has found that user credentials are being targeted by hackers and scammers on a scale never seen before.

Indicators of compromise (IOCs), the digital evidence of a cyber attack, for credential phishing increased in Q3 by close to 45% over Q2, the company’s report found.

Compared to the Q3 period of 2022, IOCs of credential phishing are up 85%, with PDFs being the most common malicious file extension attached to a phishing email.

Don’t take the bait from phishy emails


This significant increase in phishing attacks could be attributed to several factors. Scammers have adapted their tactics to bypass email spam filters by employing Google AMP, which lets a phishing link carry the recognized ‘www.google.com’ domain and so appear more legitimate and trustworthy.
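For mail filtering, the useful step is to score the destination wrapped inside the Google link rather than ‘www.google.com’ itself. The following is an added example, not code from Cofense or the original article; it assumes the AMP viewer URL layout `https://www.google.com/amp/s/<host>/<path>` (with `s/` marking an HTTPS origin), and the function names and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: AMP viewer links are served from these hosts under /amp/.
GOOGLE_HOSTS = {"www.google.com", "google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def unwrap_amp(url):
    """Return the real destination URL if `url` is a Google AMP link, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in GOOGLE_HOSTS:
        return None
    path = unquote(parts.path)          # handle %2F-encoded separators
    if not path.lower().startswith("/amp/"):
        return None
    rest = path[len("/amp/"):]
    scheme = "http"
    if rest.lower().startswith("s/"):   # "s/" prefix means an HTTPS origin
        scheme, rest = "https", rest[2:]
    dest_host = rest.split("/", 1)[0]
    if "." not in dest_host:            # not a hostname, so not a wrapped link
        return None
    real = f"{scheme}://{rest}"
    if parts.query:
        real += "?" + parts.query
    return real

def effective_host(url):
    """Host a filter should score: the AMP destination if wrapped, else the URL's own."""
    real = unwrap_amp(url)
    return (urlsplit(real or url).hostname or "").lower()

def scan_body(body):
    """Return (original_url, hidden_destination_host) for each AMP-wrapped link."""
    findings = []
    for url in URL_RE.findall(body):
        real = unwrap_amp(url)
        if real:
            findings.append((url, urlsplit(real).hostname))
    return findings

# Constructed sample message body (example domains only).
SAMPLE = (
    "Your mailbox is full. Sign in: "
    "https://www.google.com/amp/s/login.example.net/verify?id=1 "
    "or search https://www.google.com/search?q=help"
)

if __name__ == "__main__":
    for original, host in scan_body(SAMPLE):
        print(f"AMP-wrapped link to {host}: {original}")
```

A filter can pass `effective_host()` to its existing reputation or allow-list check so that the Google domain no longer masks the landing site.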

Another factor contributing to the rise of phishing in Q3 is the use of QR codes. It is impossible to tell where a QR code will take you just by looking at it, so scammers can direct you to a legitimate-looking website that will then ask you to provide your credentials to log in.

The most prevalent malware associated with phishing in Q3 was the Agent Tesla keylogger, closely followed by the FormBook information stealer. The most popular delivery methods for these forms of malware are the CVE-2017-11882 exploit, which uses memory corruption to run arbitrary code, and PDF droppers, which are specially built PDFs that execute a document file when clicked, installing malware onto your system.

In terms of the domains most used in phishing attempts, .com remained the most prevalent. However, .ru saw a significant rise in popularity over the previous quarter, most likely due to the increasing use and success of the Phishing as a Service (PhaaS) tool Caffeine.


While it is difficult to identify where threat actors launch campaigns and attacks due to the use of VPNs, Cofense identified malicious cyber activities through the use of Command and Control (C2) servers, which are used to deliver phishing campaigns on behalf of threat actors. The US remained the main location for C2 nodes, with 71% of phishing campaigns utilizing a C2 source with a US-based IP.

The report states that “This is likely to continue as many cloud hosting services abused by threat actors are hosted in the United States.”


Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
