Spoofing & Phishing Attacks On The Rise

by Rick · April 1, 2021

Ron Frechette

Cybersecurity Awareness – By Ron Frechette, The Cyber Coach

Over the past 24 months, especially with everyone being confined to their homes for the majority of 2020, spoofing and phishing attacks have become the most common attack vectors used by cybercriminals. So, we want to provide a Spoofing & Phishing Refresher for our readers and provide some ways you can avoid becoming a victim of these malicious and potentially life-altering acts.

How Spoofing and Phishing Work Together

Spoofing is a technique deployed by cyber criminals to modify a domain name, phone number, email address, or IP address, and use it for unlawful purposes. Email is by far the most widely used form of spoofing. The objective of spoofing emails is to trick a user into thinking the email they are receiving is from a legitimate source and coerce them into taking some form of action.

When a victim is tricked into believing the email they are receiving is legitimate (successfully spoofed), they will be directed to click on a link or open an attachment. Once they click the link or carry out the request, they can become infected with malware, ransomware, or have their credentials hijacked. This is the act of phishing.

Real Life Spoofing and Phishing

I received this email from Wells Fargo. The email address displayed is Wells Fargo (notificationsalertonline@wellsfargo.com). If you look closely at the word Wells Fargo in the email, there is a small dot positioned over the “o”. At a glance, the untrained eye may see this as a legitimate email. This is an obvious attempt to spoof me into clicking the “Click Here” link.

Clicking that link would most likely take me to a site that would ask for my username and password or I could be infected at that moment with malware or ransomware. This is a classic form of a successful phishing attack.

Another best practice when viewing emails is to hover your mouse over the URL. This will reveal the actual URL where the email was generated.

Facts about Spoofing and Phishing Attacks:

Spoofing and phishing attempts have grown 65% in the last year
76% of businesses reported being a victim of a phishing attack in the last year

30% of spoofing messages get opened by targeted users and 12% of those users click on the malicious attachment or link

95% of all attacks on enterprise networks are the result of successful spear phishing

1.5 million new phishing sites are created each month

How to Combat the Spoofing & Phishing Epidemic

The most effective way to reduce the threat of becoming a victim is by implementing a phishing simulation tool and security awareness training. A phishing simulation tool sends test phishing emails to see how vulnerable you are to attacks. They are designed to keep us alert and simulates different environments in which an attack could happen. Over time, organizations have seen up to a 90% decrease in successful spoofing and phishing attacks.

There are several companies in the market that offer these types of services. They are very cost-effective and offered as a subscription-based service. There are also open source phishing tools that can be administered for free. Gartner Peer Insights is a great source for reviewing Phishing Simulation and Training programs. We listed the URL in the Sources below.

The cybercriminal landscape is only increasing as we get further into the Digital Age. The key is to look for a program that can assess, educate, measure, and reinforce good cyber hygiene. Until next month, wishing you a blessed Easter season and safe travels in cyberspace!

Questions? Send me a tweet: @GoldSkyRon or email: ron.frechette@goldskysecurity.com

Sources:

https://www.gartner.com/reviews/market/security-awareness-computer-based-training/vendor/symantec-blue-coat/product/phishing-simulation-training

http://www.phishing.org/what-is-phishing

https://en.wikipedia.org/wiki/Phishing