[ad_1]
According to a report by Cloudflare, hackers use malicious links as the top deception tactic in the period between May 2, 2022, to May 2, 2023. Deceptive links are followed by domain age (newly registered domains), identity deception, credential harvesting and brand impersonation.
Phishing links is the most common technique
Deceptive link is a legitimate-looking URL that, if clicked, opens the user’s default web browser and renders the data referenced in the link, or opens an application directly (e.g. a PDF). This may allow hackers to install a vulnerability and get hold of users’ private data. This technique comprises 35.6% of threats.
Dormant domains
Hackers use dormant domains to send malicious emails and carry out campaigns. Domain age is related to domain reputation, which is the overall score assigned to a domain.
Domains that send out numerous new emails immediately after domain registration will tend to have a poorer reputation. One-third (30%) of detected threats featured newly registered domains.
A previous report said that threat actors tend to register a domain long before they will use it to create a “clean record” and prevent security detection systems.
Identity fraud
Identity deception is also on the rise, with 39.6 million detected threats between May 2022 and May 2023. Identity deception occurs when an attacker with malicious intent sends an email claiming to be someone else.
“Some tactics include registering domains that look similar (aka domain impersonation), are spoofed, or use display name tricks to appear to be sourced from a trusted domain,” the report pointed out.
Credential harvesting
The fourth most used technique is credential harvesting. Credential harvesters are set up by an attacker to deceive users into providing their login credentials. Less tech savvy users may enter their credentials, ultimately providing attackers with access to their accounts.
Brand impersonation
It is a form of identity deception where an attacker sends a phishing message that impersonates a recognizable company or brand.
In this type of attack, hackers impersonate the brands and entities users trust and rely on. In the majority (51.7%) of cases, attackers pose as organisations, including Microsoft, Google, Salesforce and Amazon.
Attackers posed as more than 1,000 different organisations in over 1 billion brand impersonation attempts.
[ad_2]
Source link
More Stories
Google Maps: Three privacy features coming to Google Maps on Android, iPhones
Most-Downloaded IPhone App: This Chinese app was the most-downloaded iPhone app in the US in 2023
Ukraine’s largest mobile operator goes offline for millions of users after cyber attack