Microsoft, Dropbox and LinkedIn are the biggest targets for phishing attacks
- The report highlights that
phishing attacksaccount for 32% of all breaches and 78% of all cyber-attacks.
- Microsoft, PayPal, DHL, DocuSign and DHL were among the top
- In the phishing kits monitored by it, Akamai found that 60% of all kits were active for 20 days or less.
Among the preferred targets for phishing, organizations like Microsoft, PayPal, DHL, DocuSign and LinkedIn were among the top targets. It is worth noting that over 50% of all unique organizations that were impersonated by tracked phishing domains were from the financial services sector as per Akamai’s records.
What is phishing?
Phishing is a type of attack that is aimed at collecting usernames, passwords and other personal information of users. It is usually in the form of an email or a message that contains a link or an attachment, pretending to be a trustworthy entity such as a company or a bank. As per Akamai, phishing plays a role in 32% of all breaches and 78% of all cyber-attacks.
How to protect yourself from phishing attacks
The first thing that you need to do to protect yourself from phishing attacks is learn how to identify phishing attacks.
- Organizations have their own domain and do not use public domains to send emails to their customers. If you receive a email from a company with a public domain (@gmail.com at the end), avoid clicking on any links or attachments.
- Check the email or message for spelling mistakes, unusual phrases and discrepancies in the domain name.
- If the email contains unnecessary attachments or links, avoid clicking on them.
- Avoid clicking on shortened links, especially on social media.
- Avoid emails from suspicious senders that contain urgent deadlines and ask you to click on a link or visit a website urgently.
- Do not enter personal information in pop-up screens. Companies generally do not use pop-up screens to ask for user information.
Akamai’s report on phishing attacks
Akamai, in its report has highlighted that among the phishing kits monitored by it over 262 days, 60% of kits were active for 20 days or less. It also found over 2 billion unique domains that appeared malicious. As per the report, 89% of the domains used for phishing had a lifespan of less than 24 hours and 94% had a lifespan of less than three days.
While the measures adopted against phishing attacks have been evolving over the years, the evasive and defensive techniques used by phishing kits have been evolving as well. Akamai’s report highlights some of the content-based evasion techniques used by phishing kits.
The major evasion techniques include CSS font evasion, randomly generated URLs, randomly generated sub-domains and HTTP user-agent filtering.