Recent actions taken by INTERPOL have shed light on the global reach and destructive potential of cyberattacks, especially in the case of a ‘phishing-as-a-service’ network. However, the threat of phishing attacks extends beyond the dark web; it has now made its way into the inboxes of Exabytes’ valued clients.
Fortunately, vigilant Exabytes customers have identified these cunning phishing emails and promptly alerted Exabytes. In this crucial article, we will provide screenshots of these phishing attempts, serving as a powerful reminder for all Exabytes clients.
Our objective is to ensure everyone’s safety by raising awareness and advising against clicking on suspicious links or falling into the traps set by these malicious phishing campaigns. At a time when the world has suffered staggering losses of $50 billion due to business email compromises, robust email filters and unwavering vigilance have never been more crucial in our collective fight against these threats.
What is Consumer Phishing?
Consumer phishing takes place when scammers imitate your brand through counterfeit website domains and email communications that closely mimic your own. This can result in a loss of trust among your customers. Failing to implement measures to protect your email-sending domains may result in issues such as email blocking, diminished opportunities to connect with your audience, and reduced effectiveness in your email marketing endeavors.
Latest Phishing Statistics and Reports
Phishing, a cybercrime tactic involving the dissemination of deceitful messages through various means such as emails, texts, social media, or phone calls, remains a prevalent threat.
These messages often contain deceptive links intended to lure individuals into downloading malware or visiting counterfeit websites. Here are some key phishing statistics and insights for 2023:
1. Phishing Attacks Persist
- Phishing attacks continue to be highly common, with 83% of UK businesses reporting phishing attacks as their primary cyber threat in 2022.
- Globally, in 2021, over 323,972 internet users fell victim to phishing attacks, signifying that half of all cybercrime victims were targeted through phishing attempts.
- Despite Google’s robust cybersecurity measures, which successfully blocked 99.9% of phishing attempts, these attacks remain a significant concern.
2. Increasing Sophistication
- Phishing attackers increasingly exploit trusted domains to create an illusion of security. Notably, Amazon AWS, SharePoint, and Google are among the top domains used for deceptive purposes.
- In an unexpected turn, YouTube joined this list in Q1 2023 due to a backend vulnerability, enabling malicious actors to redirect victims through YouTube links.
- Phishing attacks have shown a pattern of capitalizing on current events, as observed during the COVID-19 pandemic when attackers offered fake financial assistance.
3. Prevalence of Loaders
- Loaders continue to be the primary tool employed in phishing attacks, according to Cofense’s Q1 2023 Intelligence Trends Review.
- Keyloggers and information stealers ranked second and third in prevalence, respectively, highlighting the evolving tactics of cybercriminals.
- Notably, back in 2019, nearly 74% of phishing attacks focused on stealing usernames and passwords, primarily through credential phishing.
4. Challenge of Detection
- Phishing attacks often prove challenging to prevent because they may not exhibit clear signs of malicious intent.
- Many attacks originate from compromised business email accounts, a tactic known as business email compromise (BEC).
- Attackers frequently create counterfeit login pages, or phishing sites, hosted on custom domains within Microsoft Azure, making them appear authentic and difficult to identify.
These insights emphasize the persistent threat of phishing attacks and the need for heightened vigilance and cybersecurity measures in the face of evolving tactics employed by cybercriminals.
Impact of Phishing Email Attacks on Company Reputation
When a company experiences a significant data breach, concealing it is not an option. The loss of trust among employees, partners, and customers can be profound, and the ensuing public scrutiny can inflict severe damage on the company’s brand reputation.
In such a scenario, the potential consequences may include the departure of employees, disenchanted partners, and the loss of valued customers.
To illustrate the magnitude of the impact on company value and business continuity, consider some of the costliest phishing attacks as reported by The SSL Store:
- Facebook and Google were targeted in a sophisticated invoice scam, resulting in a staggering loss of $100 million.
- FACC, an Austrian aerospace parts manufacturer, incurred losses amounting to $61 million due to a CEO fraud scheme.
- Upsher-Smith Laboratories, a U.S. pharmaceutical company, sustained over $50 million in losses over just three weeks, orchestrated by cybercriminals impersonating the CEO.
- Crelan Bank in Belgium fell victim to a CEO fraud attack, resulting in a substantial financial loss of $75.8 million.
These examples underscore the far-reaching repercussions of phishing email attacks on a company’s reputation, financial stability, and overall business operations.
What Are the Common Elements Found in Phishing Campaign Messages?
Phishing campaign messages are crafted with the intent to deceive recipients into taking specific actions, such as clicking on harmful links, downloading infected files, or divulging sensitive information. These messages tend to exhibit recurring characteristics:
- Imitation of Logos and Branding – Phishing emails employ replicated or counterfeited logos, branding elements, and graphics to create an illusion of authenticity.
- Employment of Urgent or Distressing Language – Phishing messages often induce a sense of urgency by asserting that your account is in jeopardy, your password has been compromised, or you’ve won a prize necessitating immediate claiming.
- Spoofed Sender Information – Phishers disguise their identity by falsifying the sender’s email address, making it appear legitimate. They frequently pose as financial institutions, social media platforms, or renowned companies.
- Solicitation of Personal Information – Phishing emails may request sensitive data, including usernames, passwords, Social Security numbers, credit card details, or banking information. Authentic organizations rarely seek such information via email.
- Enclosed Malware-Laden Attachments – Certain phishing emails incorporate malware within deceptive attachments, often disguised as crucial documents or invoices.
- Links to Malicious Websites – These messages contain links that appear genuine but lead to malevolent websites engineered to pilfer personal and financial data.
Phishing Attempts Directed at Exabytes’ Clientele
In recent times, individuals using Exabytes’ services have been subjected to phishing endeavors. The provided screenshots illustrate that these fraudulent emails bear a striking resemblance to legitimate Exabytes communications. In one instance, the malefactors even went as far as incorporating the Exabytes logo to enhance their deceit.
The content of such an email asserts that an ‘invoice is attached to all Webhosting services,’ thereby engendering a sense of urgency for the recipient to promptly settle the outstanding payment, purportedly to prevent adverse consequences for related services. Furthermore, the email contains a hyperlink at its conclusion, ostensibly facilitating payment.
However, it is imperative to note that this link does not lead to the actual Exabytes website, but rather serves the ulterior motives of the phishers.
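The two traits described above, a sender that uses the brand name from an unrelated domain and a link that looks genuine but leads elsewhere, can be checked mechanically. The Python below is an added example, not Exabytes' own tooling or code from the original article. The domain `exabytes.example` is a placeholder for the brand's genuine domains, the sample message is constructed, and the function names are hypothetical.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAINS = {"exabytes.example"}  # assumption: placeholder for the brand's real domains
SAMPLE = """\
From: "Exabytes Billing" <billing@invoice-notice.example>
Subject: Invoice attached to all Webhosting services
Content-Type: text/html; charset=utf-8

<a href="http://pay.invoice-notice.example/i">https://www.exabytes.example/pay</a>
"""  # constructed sample modelled on the invoice email described above
class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def url_host(url):  # hostname of an http(s) URL, else None (malformed URLs included)
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None
def on_legit_domain(host):  # exact match or subdomain only, so lookalikes fail
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)
def phishing_indicators(raw, brand="Exabytes"):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    domain, findings = addr.rpartition("@")[2], []
    if brand.lower() in name.lower() and not on_legit_domain(domain):
        findings.append(("sender-domain-mismatch", domain))
    part = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(part.get_content() if part else "")
    for href, text in collector.links:
        host = url_host(href)
        if host and not on_legit_domain(host):
            shown = on_legit_domain(url_host(text))  # visible text is a brand URL
            findings.append(("link-text-href-mismatch" if shown else "link-off-brand-domain", host))
    return findings
```

A message that passes these checks is not thereby proven safe, since mail sent from a compromised legitimate account would produce no findings.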
Guidelines for Dealing with Phishing Emails
Step 1 – Encounter a Phishing Email in Your Inbox
Should you inadvertently click on a suspicious email, maintain your composure. Most modern email clients, such as Gmail or Outlook, generally won’t harm your computer merely by opening a suspicious email. Chances are, you haven’t fallen victim to malware.
However, it’s imperative that you refrain from clicking on any links or downloading attachments from the message. Avoid heeding any directives within the email, such as initiating phone calls or sending text messages.
Additionally, do not engage in replying to the email. Phishing emails are often dispatched to numerous recipients, and the sender might not be aware of the activity status of your email address. Do not provide them with any indication of your email’s activity, as doing so could make you a specific target.
Step 2 – Report the Email
Phishing attacks are unambiguous scams, and it’s crucial to report any received phishing emails to the appropriate authorities. For those using a work email account, report the phishing message to your IT team.
Your organization may have specific protocols for managing phishing emails, such as completing a form and forwarding it to the security team. If you’re uncertain about the procedures, reach out to your IT department for guidance. Meanwhile, retain the suspicious email in your inbox but abstain from further interaction.
Regarding private email accounts, your email service provider likely offers a mechanism for reporting phishing emails. For example, in Gmail, you can directly report a phishing attack from your inbox. Similar reporting options exist in other email services.
The more frequently such phishing emails are reported, the more proficient email services become at filtering out analogous threats. Reporting contributes to the protection of both yourself and others from falling prey to scams.
Step 3 – Dispose of the Email
Once you’ve completed the reporting process, it’s safe to proceed with deleting the email. In most email clients, deleting a message moves it to a designated folder labeled “trash” or “deleted items.” If this applies, navigate to that folder and delete it from there as well.
Step 4 – Prevent Future Phishing Emails
While email filters are effective at thwarting many phishing scams, scammers continuously devise new methods to circumvent them. Enhancing your overall security is a prudent course of action.
For individuals, regular updates to security software can furnish an additional protective layer, assisting in deterring phishing attempts and other malicious emails from infiltrating your inbox.
For businesses or organizations experiencing a surge in successful phishing attempts, it may be advisable to contemplate upgrading your IT security provider. It’s important to bear in mind that phishing attacks are but one facet of the broader digital threat landscape. Businesses must accord priority to security and establish robust support policies to safeguard their operations and data.
In the realm of phishing threats, vigilance remains our most effective safeguard. As we conclude our alert regarding the phishing campaign targeting Exabytes customers, it is clear that the battle for email security continues to evolve.
Recognizing the perilous nature of phishing emails and their dubious links, it is imperative for both individuals and organizations to prioritize their defenses. Email filters, serving as digital gatekeepers, stand as our primary defense line, actively thwarting phishing attempts. Keep in mind that a single click on a suspicious link can lead to chaos.
Staying well-informed and upholding robust email security measures are among the most effective ways to shield ourselves from these nefarious phishing campaigns, thereby ensuring a safer online environment for all.