Dark Reading is part of the Informa Tech Division of Informa PLC


08:30 AM
Joan Goodchild

Phishers' Latest Tricks for Reeling in New Victims

Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.

From his days as an IT worker, to his work as a journalist covering information security, to his time now as a security researcher with Akamai, Steve Ragan has been watching phishing techniques evolve for nearly two decades.

But it wasn't until late 2007, when the Storm Worm started taking off, that Ragan's education began in earnest.

"Storm circulated via email and targeted current events as a lure to get people to open malicious attachments and URLs," Ragan recalls. "It worked well, and the botnet continued to grow. Storm was a spam campaign — at least that is how it was commonly referred to — but it was phishing at its purest. The idea was to send an email, pique the curiosity of the recipient, and deliver a malicious payload."

Phishing is still going strong. But what has changed since Storm's earlier days?

Everything, according to Ragan.

Gone are the days when most phishing emails were easy to spot due to their grammar and spelling errors, he says. Criminals have evolved, and scripts are tighter, error-free, and more focused. Spear-phishing, which is a highly targeted type of phishing attempt that focuses on a specific individual or group, is on the rise. So are business email compromise (BEC) attacks, which are targeted phishing attacks on business emails — typically those held by high-level executives. In fact, according to the FBI, BEC attacks resulted in $12 billion in losses between October 2013 and May 2018.

"Criminals have been known to call the targeted organization or victim to confirm information, and public records are used to corroborate information, such as who works in accounting and who their direct report is," Ragan says.

Phishing continues to be a successful tactic because people are, by nature, trusting. In addition, techniques keep evolving, making it tough for security managers to stay on top. Ragan, and several other security industry experts who track phishing tactics, offer a breakdown of the latest tricks and traps phishing criminals are up to these days. 


Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

User Rank: Apprentice
5/6/2020 | 4:49:00 AM
Good article
I just wanted to say thank you for explaining all of this so well.