91% of all cyberattacks in 2020 started via email (PhishMe). Phishing attacks can be hard to detect, and the costs quickly become large once you are hit. Good security systems are important for keeping the data and the organization safe, but knowledge and a dose of skepticism are also good tools to have in reserve.

In this guest post, Adrien Gendre of Vade introduces you to different types of phishing, so that you are even better prepared the next time a sneaky email finds its way into your inbox.

Adrien Gendre, Chief Product Officer at Vade

Are you my secret admirer? That was the question millions of people were asking almost 20 years ago when the Love Bug virus took the world by storm. Alternatively known as the “ILOVEYOU virus” or “Love Letter for you,” this social engineering attack infected approximately 50 million computers across the globe within ten days and cost billions of US dollars to clean up.

20 years later, we are not only still dealing with these types of attacks; they are the most commonly used by cyber thieves to cause damage, and have morphed into sophisticated malware, phishing scams, ransomware, and more.

Let’s dive into this evolution of phishing attacks and some of the major trends over the past two decades.

Phish #1: Criminal Deception

The first record of the term “phishing” was in 1996 in a Usenet newsgroup. While many did not know what it meant at first, it set the foundation for what was to come. Phishing attacks soon began on AOL, targeting users by sending messages impersonating AOL employees in an effort to steal their credentials. This technique became increasingly sophisticated as phishers started to craft more believable subject lines and pose as loved ones. Later, it evolved into conversation hijacking to trick users into thinking they were communicating with a person they trust. The most common form of criminal deception today is a spear phishing attack, in which a hacker does their research and pretends to know the individual they are targeting.

Phish #2: Business Email Compromise (BEC)

A more specific form of criminal deception, BEC relies heavily on social engineering tactics and creates a sense of urgency to click on an email. Also known as a “man-in-the-email” attack, this type of phishing scam takes on the persona of a company executive to manipulate an employee or unlucky recipient into responding with sensitive information. These attacks happen so often, in fact, that the FBI estimates BEC accounted for more than $26B in losses from 2016 to 2019.

Phish #3: Ransomware

Ransomware is still a hot topic of discussion to this day, though it really gained ground in the phishing realm in September 2013 with the birth of CryptoLocker ransomware. The malware was distributed to more than 250,000 computers, locking files and demanding a ransom payment in exchange for a decryption key. Email used to be the main method for delivering ransomware, but the saying “everything old is new again” applies here, as these attacks are making a comeback and hackers are more often resorting to older, basic tactics.

Phish #4: Phishing as a Service (PHaaS)

As if there weren’t enough “phish” in the sea, over the past two years, a newer phishing tactic has come to light in the darkest parts of the web. In 2018, researchers discovered that hackers were heading to the Dark Web to sell actual phishing templates to make it easier for less advanced counterparts to deploy these attacks. Not only are these templates designed to look and feel authentic to the brand they aim to imitate, but the marketing tactics used to sell the products themselves are sophisticated, some even offering coupon codes for a better deal on the purchase.

Phish #5: Themed Attacks

The most prominent recent example of themed phishing attacks is COVID-19-centric emails promising updates on the pandemic and information on vaccine distribution. Whether they are fabricated notices from a major health organization or claim to be from an employer on updated procedures, there is no end to the fear, uncertainty, and doubt (FUD) that this stirs up.

Above all, these phishing techniques are just the tip of the iceberg as technology continues to evolve and attacks become more sophisticated, but they continue to serve as the basis for new techniques to come. As a pure player in Predictive Email Defense, Vade for Microsoft 365 can rapidly and efficiently secure your customers’ emails.

Contact our ISV Coordinator Kristin Bøhn to book a live demo of Vade for Microsoft 365 and learn why Managed Services Providers choose this solution:

Log into ALSO Cloud Marketplace to see all the products that Vade has to offer