Starting in 2012, ransomware took the Internet by storm. Unsuspecting and unprepared users, both individuals and businesses, found their screens frozen and their data no longer their own. Their only chance of getting it back was to send payment, usually in untraceable cryptocurrency, to the perpetrators of the crime.
The number of attacks rose year after year, topping 181 million in just the first six months of 2018, a 229% increase over the same time period in 2017. From there, a funny thing happened. Security, user awareness, and organizational control started catching up with ransomware in the second half of 2018. By the end of December 2018, ransomware attacks had dropped 60% year over year.
Unfortunately, the tapering off of one form of malware is hardly the end of the threat overall. Stymied in their attempts to use ransomware to cheat users out of their hard-earned money, cyber-criminals are turning back to the art of phishing, one of the Internet’s oldest and most effective forms of hacking. Using protective antivirus software such as Total AV is a must in this case.
The Phishing Surge of 2018
Between January and December 2018, Microsoft reported a 250% increase in phishing, with more than 470 billion email messages used. Phishing is the practice of luring users to a website where either their data is pulled or their systems are infected with some sort of malicious software. Phishing attempts usually take the form of links or attachments in email messages, links in social media messages, or links sent via text or instant messenger.
As they did with ransomware, users adapted, and phishing attempts became a lot easier to detect. Unfortunately, cyber-criminals are always looking for new ways to exploit individual users and businesses, so they have been hard at work figuring out new techniques to succeed. That has led to at least seven new types of phishing attacks on the rise, detailed below:
- Links to fake cloud storage locations: This is particularly useful for phishing employees of a company, who are usually not well-versed in every piece of software and every resource their company employs. A fake cloud link will ask for a username and password. Employees usually have one overarching password for all of their work-related logins, and typing it in here would give hackers that coveted information.
- Phishing attachment: Even if the recipient is smart enough to not click a link in a phishing email, the attachment can open when the email is opened.
- Credential links: An email that appears to come legitimately from a service provider. When it asks for credentials and the user supplies them, the die is cast.
- Fake texts: Gaining a user’s phone number allows cybercriminals to send texts that appear to come from familiar sources but are actually luring the user to a phishing website.
- User impersonation: The hacker pretends to be someone you know so that you trust them enough to click a link or download a file.
- Domain impersonation: An email message domain looks very similar to the one you trust, such as a message from bankoamerica.com instead of bankofamerica.com.
- Domain spoofing: The domain shown in the email message is a fraudulent exact match of the expected domain name. The hacker hides the real domain underneath.
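A sender-domain check covering the last two items, domain impersonation and domain spoofing, as an added example that is not part of the original article. The trusted-domain list, the distance threshold and the sample messages are assumptions, and the DMARC check assumes the Authentication-Results header was written by your own receiving mail server.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"bankofamerica.com"}  # assumption: domains the recipient really deals with

# Constructed sample messages (not real mail).
LOOKALIKE = "From: Alerts <alerts@bankoamerica.com>\nSubject: Verify\n\nbody"
SPOOFED = ("From: Alerts <alerts@bankofamerica.com>\n"
           "Authentication-Results: mx.example.net; dmarc=fail\n\nbody")
GENUINE = ("From: Alerts <alerts@bankofamerica.com>\n"
           "Authentication-Results: mx.example.net; dmarc=pass\n\nbody")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(raw_message, max_distance=2):
    """Return (verdict, domain) for the From: header of a raw message."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("no-sender", "")
    if domain in TRUSTED:
        # An exact match can still be spoofed, so require a DMARC pass.
        # Simplification: substring match on the header text; only trust
        # Authentication-Results headers added by your own mail server.
        auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
        return ("trusted" if "dmarc=pass" in auth else "possible-spoof", domain)
    # Near miss of a trusted name, e.g. one dropped letter.
    if any(edit_distance(domain, good) <= max_distance for good in TRUSTED):
        return ("lookalike", domain)
    return ("unknown", domain)

if __name__ == "__main__":
    for sample in (LOOKALIKE, SPOOFED, GENUINE):
        print(classify_sender(sample))
```

Edit distance only catches dropped, added or swapped ASCII characters; lookalikes built from visually similar Unicode characters need a separate check.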
Fighting Back Against Phishing
Constant vigilance for every message you get via IM, text, or email is the first, best step to stay safe against phishing attacks. Anything that looks the slightest bit suspicious should be ignored and deleted. If you think it might come from a trusted source, contact that source via another method to confirm they sent it.
Above all else, well-known antivirus software for your machine should be researched, installed, and consistently updated to keep your system safe. Updating the software keeps its malware database aware of the most recent threats and gives you the best shot of avoiding them.