There is finally good news coming from the digital world as reports by the security culture company KnowBe4 suggest that users are getting better at recognizing phishing attacks. A lot of users are reporting email phishing attempts to their relevant IT departments. But with that being said, emails aren’t the only place where the scam is taking place. It’s now also spread across social media, especially LinkedIn according to users.
While revealing the results from reports, Stu Sjouwerman, CEO of KnowBe4, said that the bad guys still continue to go with what they have been doing in Q1. But this time, only one-third of users fell for the phishing email and clicked on the link that suggested for password check. There are more and more users now who check through their IT department before trusting a phone number, email address or internal system as they know how it only takes one click to cause the damage.
The subject “Password Check Required Immediately” turned out to be the most reported in emails with 31% complaints. The term is more often in simulations, but for real-world attacks, bad actors bring variations in order to reauthenticate for the sake of accessing email.
Another attack based on password hack read “Google: Take action to secure your compromised passwords.”
There were also subject lines like “HR: Your payroll details need updating.” and some scammers came up with taglines of prizes won, credit cards declined by Amazon Prime, missed Zoom meetings, and messages around Facebook profiles.
There is one common thing in every case: log in to see more information related to the matter.
There are also current campaigns active of now that are targeting LinkedIn users. One such example has already been reported by eSentire, according to which scammers are offering jobs on LinkedIn with the mission to install the more-eggs backdoors on the targeted individual’s computers.
Email attacks based on LinkedIn also lure victims into promising them a good appearance in searches, new connections, of password resets when required. The worst part is that people are falling for it by clicking the link mentioned in the phishing emails.
20% of the attacks also operated in the form of photo tags on Facebook whereas login alerts for Chrome on Moto X took third place by surprise with 12% of attacks adopting the strategy.
So, all you are required to do is whenever you suspect that a link is not legitimate, always confirm before clicking on any kind of link mentioned in the emails. These links always take you to a dummy site where they try to steal your personal information.
Once they receive the details, the cybercriminals then change your passwords in an instance, replace your phone number with theirs and change your email address as well. As a result of that, you lose complete access to your account.
If you get an email with the warning of changing your password for any social media site, make sure that you visit your respective social media platform to actually confirm whether a password reset is required or if it is a fake email that you have received.
The same action will also be applied for work or eCommerce sites and it is recommended that users login on the platform normally before making any move.
Read next: 57 Percent of US Adults Forget a Password Right After Resetting it [infographic]
While revealing the results from reports, Stu Sjouwerman, CEO of KnowBe4, said that the bad guys still continue to go with what they have been doing in Q1. But this time, only one-third of users fell for the phishing email and clicked on the link that suggested for password check. There are more and more users now who check through their IT department before trusting a phone number, email address or internal system as they know how it only takes one click to cause the damage.
Top Phishing Email Scams
The report by KnowBe4 also included a list of the top 10 phishing-related email subjects that the users received and reported to their IT departments. One glimpse of them showed that some of them seemed real phishing attacks whereas others were phishing simulation exercises.The subject “Password Check Required Immediately” turned out to be the most reported in emails with 31% complaints. The term is more often in simulations, but for real-world attacks, bad actors bring variations in order to reauthenticate for the sake of accessing email.
Another attack based on password hack read “Google: Take action to secure your compromised passwords.”
There were also subject lines like “HR: Your payroll details need updating.” and some scammers came up with taglines of prizes won, credit cards declined by Amazon Prime, missed Zoom meetings, and messages around Facebook profiles.
There is one common thing in every case: log in to see more information related to the matter.
What Happened On Social Media?
Along with emails, social media too has emerged as the hotspot for cybercriminals. Last year, LinkedIn surprisingly turned out to be the leader in platforms where most phishing attacks took place with 42% of emails being related to it.There are also current campaigns active of now that are targeting LinkedIn users. One such example has already been reported by eSentire, according to which scammers are offering jobs on LinkedIn with the mission to install the more-eggs backdoors on the targeted individual’s computers.
Email attacks based on LinkedIn also lure victims into promising them a good appearance in searches, new connections, of password resets when required. The worst part is that people are falling for it by clicking the link mentioned in the phishing emails.
20% of the attacks also operated in the form of photo tags on Facebook whereas login alerts for Chrome on Moto X took third place by surprise with 12% of attacks adopting the strategy.
The End Result
While users are getting smart at identifying such scams, that still won’t stop the bad actors from trying out new ways with phishing emails.So, all you are required to do is whenever you suspect that a link is not legitimate, always confirm before clicking on any kind of link mentioned in the emails. These links always take you to a dummy site where they try to steal your personal information.
Once they receive the details, the cybercriminals then change your passwords in an instance, replace your phone number with theirs and change your email address as well. As a result of that, you lose complete access to your account.
If you get an email with the warning of changing your password for any social media site, make sure that you visit your respective social media platform to actually confirm whether a password reset is required or if it is a fake email that you have received.
The same action will also be applied for work or eCommerce sites and it is recommended that users login on the platform normally before making any move.
