According to Akamai's discoveries over 50% of every unique organization that was 'impersonated' by tracked phishing domains was from the financial services and among the favored targets for phishing, companies like Microsoft, PayPal, DHL, DocuSign, and LinkedIn were among the top targets.
As per Akamai the attack aimed at gathering the personal information of users and duping them by later claiming to be a 'trustworthy' source, just like an organization or a bank, it assumes a vital job in 32% all breaches and 78% of all cyber-attacks.
In its report it has featured that among the phishing kits observed by it for almost 262 days, 60% of kits were active for 20 days or less, more than 2 billion unique domains that seemed malignant and 89% of the domains utilized for phishing had a 'life expectancy' of under 24 hours while 94% had a life expectancy of under three days.
While the measures embraced against such phishing attacks have been developing throughout the years, the shifty and cautious strategies utilized by phishing kits have been transforming too.
Akamai’s report basically highlights some of the content-based evasion techniques used by phishing kits. The crucial evasion techniques incorporate the CSS font evasion, arbitrarily generated URLs, sub-domain and HTTP user-agent filtering.
Here are some of the steps to be taken by users to better protect themselves from such attacks:
- Check the email or message for spelling mistakes, unusual phrases, and discrepancies in the domain name.
- If the email contains unnecessary attachments or links, avoid clicking on them.
- Do not click on shortened links, especially on social media.
- At all costs avoid emails from suspicious senders that contain urgent deadlines and ask you to click on a link or visit a website urgently.
- Do not enter personal information in pop-up screens as companies generally do not use pop-up screens to ask for user information.