Cybercriminals Employ Extreme Phishing Tactics to Steal Data

By November 14, 2024Cybersecurity
phishing tactics

Cybercriminals never stop trying to find new ways to steal your data, and the new phishing tactics they are employing are more deceptive than ever. Businesses must remain proactive by implementing measures to prevent these attacks and by also increasing employee awareness.

Latest Phishing Tactics Threatening Your Data

The cybersecurity industry has been preaching for years about the importance of being cautious when opening files or clicking links that arrive by email. Years have been spent training employees to look for the telltale signs of spoofed emails. But some of these new threats are even more difficult to detect.

Search Engine Phishing

Online searches can lead to search engine phishing when the user clicks on a search result that has been hijacked and is then redirected to a mock site. Once on the fake website, the next click will install a malware loader on the computer. Individuals and businesses are at risk of losing sensitive data as a result of this scheme.

SEO Poisoning

SEO poisoning is a search engine phishing method in which the threat actor takes the top spot in a Google search result. In a departure from traditional attacks, hackers are tainting Google search results by spreading malware through a link that was supposed to go to a VPN solution. The cybercriminals use sophisticated techniques to trick the victim, by renaming files or sending error messages that look like they’re coming from a legitimate company.

Hyper Realistic AI Attacks

There are over 2.5 billion Gmail users, and each are potential targets of very realistic and sophisticated attacks, as was discovered by this target who works for Microsoft. After the user ignored an obvious phishing attack (and subsequent phone call) in the form of a Google account recovery attempt, the threat actor tried again a week later. Only this time, the cybercriminal used the previous failed attempt to instill fear by saying that a hacker had previous access to the account and that data had already been compromised. When the target attempted to verify the phone number calling him, it appeared to be a legitimate Google number. In a separate Google phishing attempt, the target was directly contacted by an alleged Google support technician. You can read the full details of their stories in this piece from Davey Winder on Forbes.

LOTS Threats

LOTS (Living Off Trusted Sites) threats are also becoming commonplace. A LOTS threat is a cybersecurity threat in which attackers exploit trusted websites and platforms to carry out malicious activities, gaining credibility and avoiding detection by leveraging the reputation of these sites. Instead of creating suspicious domains or URLs, cybercriminals use commonly used sites like Google, Microsoft, Dropbox, WhatsApp, and others to host or deliver malicious content, making suspicious activity harder to spot.

The biggest concern with these phishing tactics is that employee awareness training often is not enough to stop cybercriminals from succeeding. The average cost of a data breach against an organization is more than $4 million.

Sophisticated, real-time AI detection combined with zero-trust is the only way forward. Learn more from Ideal Integrations.