One of the challenges to stopping phishing attacks is that hackers used to be really nimble. They would use a new domain for each phishing attack, often keeping it active for only a few hours before retiring it forever. This fleet footedness enabled the hackers to do their dirty work before word got out about the malicious website. That situation seems to be changing.
According to an article on Help Net Security, hackers are actually getting lazy, as evidenced by the increasing number of phishing websites blocked. From the article, “This sharp upsurge in the number of blockages stems from the growing duration of phishing attacks: cybercriminals used to stop their fraudulent campaign as soon as their web pages were blocked, quickly mobilizing efforts for attacks on other brands. Today, they no longer dwell on it and continue replacing removed pages with new ones.”
What’s the source of this new “laziness”? “Several years ago, creators of phishing pages were likely to have some technical background, they created phishing pages, putting much effort into the launch of their campaigns, preventing them from being detected and relentlessly supporting their sustainability.” That’s no longer the case.
Today, “those pioneers no longer create phishing pages, they create tools for operators of web phishing campaigns who do not necessarily have any programming skills. Since this new generation of phishers are not that experienced in maintaining the web resources viable, the phishing community’s focus has shifted toward the number of scam resources.”
In other words, the very sophisticated hackers prefer making money by selling phishing kits on the dark web to script kiddies, who in turn use those resources to try and phish you. Hackers must feel there is more money in selling the phishing kits than there is in actually trying to phish someone. And they’re probably right, because anti-phishing software like that available from Phish Protection has become really effective at stopping most phishing attacks.
With domain name spoofing and display name spoofing protection, coupled with real-time link click protection, it’s getting almost impossible for phishing emails to slip through. The fact that it only takes 10 minutes to deploy, works with all major email providers and only costs pennies per user per month, more organizations are getting onboard with cloud-based email security like Phish Protection.
If your company is not yet onboard, don’t hesitate to get this protection. The hackers of today aren’t as sophisticated as they once were, but that doesn’t mean you can let your guard down. Try Phish Protection for free for 60 days.