What are the Most Successful Phishing Attacks?
This post is also available in: 
עברית (Hebrew)
A booming success rate in COVID-19 related phishing attacks. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. Often, phishing emails feature some topic in the news as a way to catch the recipient’s attention.
The outbreak of the COVID-19 has been exploited by cybercriminals for their latest phishing campaigns. In one example, an attacker implemented a phishing campaign directed toward key executives and financial employees at certain organizations with the goal of stealing their account credentials.
Interested in learning more about cyber? Attend i-HLS’ InnoTech Expo in Tel Aviv – Israel’s largest innovation, HLS, and cyber technologies expo – on November 18-19, 2020. Meet InnoTech’s steering committee
A report published by Menlo Security found a booming success rate in COVID-19 related phishing attacks. From February 25 to March 25, the volume of successful daily attacks rose from 200 to 6,400. This indicates the number of people who clicked on a link in a coronavirus-themed phishing email and visited a malicious website. The initial surge started on March 11, the day the World Health Organization called the virus a pandemic, and has continued to grow since, according to techrepublic.com citing the report.
With the latest coronavirus-themed campaigns, cybercriminals have been using various strategies, such as leveraging email, PDF attachments, and SaaS services.
With the coronavirus spreading, such phishing attacks are likely to increase, while attackers are expected to continue to evolve their techniques. How can organizations and individuals protect themselves?
For organizations, “the use of single sign-on (SSO) products or increasing the frequency for password changes can help,” Menlo Security Chief Technology Officer Kowsik Guruswamy said. He also recommends to organizations to turn to a threat isolation strategy. By isolating all browser traffic, potential threats can be contained.
Regarding individuals, “employees need to be hyper-vigilant and evaluate any email that covers the COVID-19 topic right now,” Guruswamy said. “To mitigate some of these attacks, they should make sure they do not use the same passwords for multiple accounts and change their passwords more frequently. There is a surge in COVID-19 based attacks and we do not see the growth in attacks flattening. The problem is after COVID-19, criminals will move to another tactic and different techniques.”
Interested in learning more about cyber? Attend i-HLS’ InnoTech Expo in Tel Aviv – Israel’s largest innovation, HLS, and cyber technologies expo – on November 18-19, 2020 at Expo Tel Aviv, Pavilion 2.
