Digital embezzlement is more alarming than ever. The most widespread is phishing, which circumvents digital protections through constantly renewed methods of deception. What are these threats? How to protect yourself from it? Discussed discovered threats in 2023 through this article.
The Threat Of Deceptive Links, One Of The Main Phishing Threats In 2023
Deceptive links have always been one of the main phishing threats. According to a Cloudflare report on phishing, they constituted 35.6% of phishing attacks in 2023. These computer attacks allow cybercriminals:
- to compromise an information network;
- to capture your identifiers;
- and execute codes remotely.
This allows them to install malware or take control of your workstation. Although these risks are known, misleading links remain formidable. Therefore, it is necessary to be more vigilant since it also promotes a more dangerous phishing threat: multi-channel phishing.
Multi-Channel Phishing
According to Cloudflare, a new trend to watch out for is multi-channel phishing, one of the new main phishing threats. It mainly targets businesses. Indeed, as its name suggests, this threat proceeds through several digital channels. On the other hand, businesses typically use its channels for various forms of business.
They, therefore, find themselves exposed to the main phishing threats, including multi-channel phishing. Its so-called “deferred” form allows us to understand better what it consists of.
Overview Of Delayed Multi-Channel Phishing
Delayed phishing is carried out using a deceptive, initially harmless link. It follows several steps. First, the cybercriminal decides the target and predicts the opportune moment to attack it. It then sets up a domain, then an initially harmless web page. He often configures email authentication methods, so email systems do not detect malicious intent. This done, he sends from his new domain an email with a link that directs to the still harmless web page.
His message thus passes through the electronic mail system without appearing suspicious. The attacker makes the web page malicious when this email reaches its destination. For example, he can add a login page for capturing identifiers. All it takes is for one of the company’s employees to enter their credentials after viewing the email. The cybercriminal will have succeeded in his attack.
Identity Theft, One Of The Main Phishing Threats In 2023
Identity theft represents the third category of major phishing threats. It occupies 14.2% of attack detections recorded by Cloudflare between May 2022 and May 2023. One of its most widespread forms is the BEC attack, which compromises professional email.
Unlike traditional phishing, BECs exploit the behavior of email recipients and internal company processes. These attacks can extend to the target’s supply chain and trusted partners. They are used to extort the target, for example, by making him pay invoices under the identity of a trusted colleague.
Brand Theft
Data collected by Cloudflare reveals that cybercriminals impersonate nearly 1,000 different companies for approximately one billion spoofing attempts. Among them :
- Google ;
- Youtube ;
- Apple;
- Amazon;
- SpaceX;
- And Microsoft.
Microsoft is also the most misused brand. Brand spoofing, primarily via fraudulent emails, presents significant challenges for authentication measures. Although methods like SPF, DKIM, and DMARC help verify the authenticity of emails, they have their limitations. Cybercriminals can bypass them, cleverly configuring their emails to pass filters.
How Do You Protect Yourself From The Main Phishing Threats?
You can adopt a zero-trust approach for adequate protection against major phishing threats. Use a multi-layered defense against phishing. That implies :
- real-time blocking;
- fraud detection;
- isolation of suspicious attachments;
- and preventing data exfiltration.
Opt for robust multi-factor authentication that prioritizes physical security keys. Implement the principle of least privilege and micro-segmentation to strengthen security. These measures have already proven themselves against the main phishing threats.
In Conclusion
The main phishing threats target both professionals and individuals. It is more than essential to stay informed and take steps to protect yourself. Any experiences and advice regarding these threats? Please share them in the comments to help strengthen digital security.