- Phishing emails with malicious URLs are used four times more often than those with attachments, Proofpoint research claims
- ClickFix attacks also increased by 400% year-over-year
- A layered security approach is the best way to defend
Phishing scams and malicious URLs continue to be the scourge of the business world, increasing year-over-year and becoming more dangerous by the minute, new research has warned.
A new Proofpoint report, based on data from the company's intelligence platform, claims that phishing emails with URLs, rather than attachments, are growing in popularity; that ClickFix is currently the number one method for getting victims infected; and that most criminals are interested in stealing login credentials.
Phishing emails have always been the number one initial attack vector thanks to their simplicity, low cost and omnipresence. However, delivering malware via attachments is no longer so simple, as various email security solutions have become rather good at scanning and filtering malicious content.
ClickFix, QR codes and SMS messages
The cybercriminal community responded by pivoting to URLs, which these days are used four times more often than attachments. They are easier to disguise and more likely to evade detection, Proofpoint claims. The crooks embed them in messages, buttons, and even inside benign attachments such as PDFs or Word documents.
In many cases, the URLs lead to sites with a ClickFix pop-up. ClickFix is a phishing technique in which victims are shown a fake error and given a way to “solve” the problem immediately. These attacks have also increased almost fourfold year-over-year.
Proofpoint also said that most threat actors want to steal login credentials, as it spotted 3.7 billion URL-based attacks aimed at stealing such secrets. This is mainly because infostealing malware such as CoGUI or Darcula are phishing kits with a low skill barrier that can be easily obtained and deployed.
Other notable methods include QR code phishing (quishing) and SMS phishing (smishing), the latter of which surged 2,534% year-over-year.
“The most damaging cyber threats do not target machines or systems. They target people.
“From QR codes in emails and fake CAPTCHA pages to mobile-first smishing scams, attackers are weaponizing trusted platforms and familiar experiences to exploit human psychology. Defending against these threats requires multilayered, AI-powered detection and a human-centric security strategy.”
How to defend yourself against phishing
The best defense against phishing emails with malicious URLs is layered protection.
Companies can start with an email security gateway that blocks suspicious links before they even reach the inbox. Then, with browser isolation or link rewriting, systems can “detonate” (essentially, trigger) URLs in a safe environment.
In addition, every company should train its employees on how to identify phishing emails, how to hover over links to see where they lead, how to check the sender, and to avoid clicking on unexpected messages. Enforcing multi-factor authentication (MFA) is always recommended, as is up-to-date endpoint protection to catch malware if someone does click.
Finally, companies must implement strict access controls and monitoring so that even if a link gets through, the damage remains contained.