The recent actions by INTERPOL against a ‘phishing-as-a-service’ network have starkly demonstrated the global reach and destructive potential of cyberattacks.
But phishing isn’t confined to the dark web; it’s now reached the inboxes of Exabytes’ valued customers.
Luckily, Exabytes’ customers have identified these tricky phishing emails and promptly alerted Exabytes.
In this important article, we will show screenshots of these phishing email attempts, providing a strong reminder for all Exabytes customers.
Our goal is to help everyone stay safe by staying alert and avoiding suspicious links and the traps set by these malicious phishing campaigns.
The world is reeling from the staggering $50 billion in losses due to business email compromises.
In light of this, robust email filters and vigilance have never been more important in our collective battle against these threats.
What is Consumer Phishing?
Consumer phishing occurs when fraudsters mimic your brand using fake website domains and email messages that closely resemble yours.
This can lead to customers losing trust in your brand.
If you don’t take steps to safeguard your email-sending domains, you could face problems like blocked emails, reduced chances of reaching your audience, and lower success rates in your email marketing efforts.
Latest Statistics and Phishing Reports
Phishing is a cybercrime where criminals send deceptive messages, often through emails, texts, social media, or phone calls.
These messages contain suspicious, harmful links that aim to trick people into downloading malware or visiting fake websites.
Here’s a rundown of phishing statistics and facts for 2023:
1. Phishing attacks are still very common
Phishing remains the most widespread form of cybercrime. In 2022, 83% of UK businesses that experienced a cyber attack reported that it was a phishing attack.
On a global scale, 323,972 internet users fell victim to phishing attacks in 2021.
This means that half of all users who became victims of cybercrime were targeted by phishing attacks.
Interestingly, despite Google’s strong cybersecurity measures, which successfully blocked 99.9% of phishing attempts from reaching users, phishing attacks continue to be a significant threat.
According to the APWG’s Phishing Activity Trends Report for Q4 2022, phishing attacks reached an all-time high in the previous year. In total, there were more than 4.7 million phishing attacks in 2022, with 1.35 million occurring in Q4 alone.
This represents a consistent annual growth rate of 150% since 2019.
2. Phishing attacks are getting more sophisticated
Attackers frequently exploit trusted domains to deceive individuals into thinking their links are secure.
Cofense’s data reveals that Amazon AWS, Sharepoint, and Google continue to be the top three most commonly used domains for such deception.
Interestingly, in Q1 2023, YouTube unexpectedly joined this list due to a backend vulnerability that allowed malicious actors to redirect victims to their own websites through YouTube links.
Cofense also confirmed Symantec’s findings regarding attackers’ ability to swiftly take advantage of current events.
They verified that in 2020, there was a surge in phishing attacks related to COVID-19, often claiming to offer financial assistance to those affected by the pandemic.
3. Loaders are the most commonly used method in cyberattacks
According to Cofense’s Q1 2023 Intelligence Trends Review, loaders continue to be the primary tool employed in phishing attacks.
Surprisingly, keyloggers and information stealers ranked second and third in prevalence, respectively.
This is noteworthy because back in 2019, nearly 74% of phishing attacks primarily focused on stealing usernames and passwords, a tactic known as credential phishing.
These types of attacks can be particularly challenging to prevent because the phishing emails often do not exhibit obvious signs of malicious intent.
Many of them originate from compromised business email accounts, a technique known as business email compromise (BEC).
Moreover, attackers frequently take additional steps by creating fake login pages, known as phishing sites, hosted on custom domains within Microsoft Azure, which might end with “windows.net.” This makes the fraudulent sites appear legitimate, making it even harder to detect the scam.
How Phishing Email Attacks Impact Company Reputation
If a company faces a significant data breach, it cannot keep it hidden.
Employees, partners, and customers would lose trust in the business.
The public attention that follows a major data breach can severely damage the company’s brand reputation.
In such a scenario, the company could potentially lose employees, partners, and customers.
To put the loss of company value and business disruption into perspective,
take a look at the most costly phishing attacks according to The SSL Store:
- Facebook and Google fell victim to a complex invoice scam that resulted in the loss of $100 million.
- FACC, an Austrian aerospace parts manufacturer, suffered a $61 million loss due to a CEO fraud scam.
- Upsher-Smith Laboratories, a U.S. pharmaceutical company, lost over $50 million in just three weeks as a result of cybercriminals impersonating the CEO.
- Crelan Bank in Belgium experienced a CEO fraud attack, leading to a financial loss of $75.8 million.
What Do Phishing Campaign Messages Usually Contain?
Phishing campaign messages aim to trick recipients into taking specific actions, like clicking harmful links, downloading infected files, or sharing sensitive data.
These messages typically share common characteristics:
1. Fake Logos and Branding
Phishing emails use copied or forged logos, branding, and graphics to appear genuine.
2. Urgent or Alarming Language
Phishing messages create a sense of urgency by claiming your account is at risk, your password is compromised, or you’ve won a prize that must be claimed immediately.
3. Spoofed Sender Information
Phishers hide their identity by faking the sender’s email address to look legitimate, often posing as banks, social media, or well-known companies.
4. Requests for Personal Information
Phishing emails may ask for sensitive data like usernames, passwords, Social Security numbers, credit card numbers, or bank details.
Legitimate organizations rarely request such information via email.
5. Attachments with Malware
Some phishing emails include malware in disguised attachments, often as important documents or invoices.
6. Links to Malicious Websites
These messages contain links that seem real but lead to malicious websites designed to steal personal and financial information.
Phishing Campaigns Targeting Exabytes’ Customers
Lately, Exabytes customers have become the target of phishing campaigns.
The screenshots below show that these phishing emails look very real. One of them even uses the Exabytes logo to look more convincing.
This particular email says the ‘invoice is attached to all Webhosting services’, creating a sense of urgency for the recipient to make payment, as the outstanding payment can affect other related services.
At the bottom of the email, there was a link to click on to make the payment.
Of course, the link given is not a real Exabytes link on the Exabytes website.
Steps to Take When You Receive Phishing Emails
Step 1: You See a Phishing Email in Your Inbox
If you accidentally open a suspicious email, don’t panic.
Modern email clients like Gmail or Outlook usually won’t harm your computer by just opening a suspicious email.
Most likely, you haven’t been infected with malware.
However, it’s important not to click on any links or download attachments from the message.
Avoid following any instructions in the email, such as making phone calls or sending text messages.
Additionally, do not reply to the email.
Phishing emails are often sent to many people, and the sender might not even know if your email address is active.
Don’t give them any indication that your email is active, as this could make you a specific target.
Step 2: Report the Email
Phishing attacks are unequivocal scams, and it’s essential to report any phishing emails you receive to the appropriate authorities.
If you’re using a work email account, you should report the phishing message to your IT team.
Your company may have specific policies in place for handling phishing emails, such as filling out a form and forwarding it to the security team.
If you’re uncertain about the procedures, reach out to your IT department and ask for guidance.
In the meantime, keep the suspicious email in your inbox but avoid interacting with it any further.
For private email accounts, your email provider likely has a process for reporting phishing emails.
For instance, in Gmail, you can report a phishing attack directly from your inbox. Similar reporting options are available in other email services.
The more these phishing emails are reported, the better the email services can become at filtering out similar threats.
Reporting helps protect you and others from falling victim to scams.
Step 3: Delete the email
Once you’ve gone through the process of reporting the message, it’s safe to go ahead and delete it.
In most email clients, deleting a message sends it to another folder labelled “trash” or “deleted items.” If this is the case, you’ll want to navigate into that folder and delete it there, too.
Step 4: Prevent Future Phishing Emails
While email filters are effective at blocking many phishing scams, scammers continuously develop new tactics to bypass them.
Strengthening your overall security is a smart move.
For individuals, regularly updating security software can provide an additional layer of protection, helping to prevent phishing attempts and other malicious emails from reaching your inbox.
If you’re part of a business or organization and you notice an increasing number of phishing attempts slipping through, it may be time to consider upgrading your IT security provider.
Remember that phishing attacks are just one aspect of the broader landscape of digital threats.
It’s essential for businesses to prioritize security and establish robust support policies to safeguard their operations and data.
Final Takeaways
When it comes to phishing threats, vigilance remains our best defence.
As we conclude our alert on the phishing campaign aimed at Exabytes customers, it’s evident that the battle for email security continues to evolve.
Recognizing the perilous nature of phishing emails and their suspicious links, it’s essential for individuals and organizations alike to prioritize their defences.
Email filters, the digital gatekeepers, stand as our first line of defence, actively thwarting phishing attempts.
Remember, a single click on a suspicious link can unleash chaos.
Staying informed and maintaining robust email security measures are some of the best ways to protect ourselves against these malicious phishing campaigns, ensuring a safer online environment for all.