Combating phishing attacks used to be just a matter of not clicking on malicious links in an email. If you could spot the suspect link in an email, and didn’t click it, you were pretty much guaranteed to be safe. Not anymore. Oh sure, hackers still want you to click on a malicious link, but their techniques for disguising them is nothing short of remarkable.
According to an analysis done by Security Boulevard, in addition to the “traditional” credential stealing phishing attacks, there are four other categories of phishing attacks which leave people vulnerable. The first of these is what they call rogue software, rogue apps & browser extensions.
According to the article, “These types of attacks typically trick users in downloading malicious software, apps, and extensions. In some cases, these attacks lure victims into installing a malicious video player or a rogue browser extension to gain permission to install socially engineered malware on their system.”
The second type of phishing attack is scareware & fake virus alerts. “These scams typically use scare tactics to trick victims into believing their computer has crashed or a virus has been detected. Trying to lure victims into calling a fake technical support hotline or prompting the user into an action that will ultimately infect their device where credit card data can be captured, credentials stolen, or a device compromised.”
The third category is social engineering, money transfer scams, and Bitcoin scams. “Social engineering is commonly used in money transfer scams to obtain credit card or debit card information to get goods, funds from an account, or credential theft. Another trend in social engineering is Bitcoin scams. Cybercriminals prefer stealing cryptocurrency because it can be used without evidence of where it was obtained.”
Finally, the last category is multi-stage phishing attacks. “It starts with a link sent in an email that is not malicious but leads to what appears to be a benign site. Once that website is opened, the user performs a task, and a local HTML file is downloaded to their computer. When the user clicks on that file from their desktop, a local HTML page is launched with a link to continue, which sends them to the final domain where the phishing content is delivered.”
Four new phishing tactics with one objective: disguise the malicious link they want you to click. Nobody is properly prepared to recognize all these tactics (and new ones surely to appear). The only thing that can protect you is a defense mechanism that doesn’t get distracted and doesn’t get fooled. What is such a defense mechanism? PhishProtection with Advanced Threat Defense.
Phishing Protection works because it never gets distracted and it never gets fooled. It only looks at links and where they point to. So, if even one link in a series of emails is malicious, Phish Protection will detect it and protect you.
Phish Protection works with all major email services, sets up in 10 minutes and only costs pennies per user per month. Try Phish Protection free for 60 days and stop worrying about phishing emails.