Microsoft, Dropbox and LinkedIn are the biggest targets for phishing attacks

Advertisement
Microsoft, Dropbox and LinkedIn are the biggest targets for phishing attacks
Pixabay
  • The report highlights that phishing attacks account for 32% of all breaches and 78% of all cyber-attacks.
  • Microsoft, PayPal, DHL, DocuSign and DHL were among the top phishing targets.
  • In the phishing kits monitored by it, Akamai found that 60% of all kits were active for 20 days or less.
Advertisement
Akamai is back with its State of the Internet / Security (SOTI) report where it highlights the research done by the organization in the last 12 months. In its sixth annual report, Akamai has covered various issues such as DDoS attacks, credential stuffing and phishing.

Among the preferred targets for phishing, organizations like Microsoft, PayPal, DHL, DocuSign and LinkedIn were among the top targets. It is worth noting that over 50% of all unique organizations that were impersonated by tracked phishing domains were from the financial services sector as per Akamai’s records.

What is phishing?

Phishing is a type of attack that is aimed at collecting usernames, passwords and other personal information of users. It is usually in the form of an email or a message that contains a link or an attachment, pretending to be a trustworthy entity such as a company or a bank. As per Akamai, phishing plays a role in 32% of all breaches and 78% of all cyber-attacks.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

How to protect yourself from phishing attacks

The first thing that you need to do to protect yourself from phishing attacks is learn how to identify phishing attacks.
Advertisement


  • Organizations have their own domain and do not use public domains to send emails to their customers. If you receive a email from a company with a public domain (@gmail.com at the end), avoid clicking on any links or attachments.
  • Check the email or message for spelling mistakes, unusual phrases and discrepancies in the domain name.
  • If the email contains unnecessary attachments or links, avoid clicking on them.
  • Avoid clicking on shortened links, especially on social media.
  • Avoid emails from suspicious senders that contain urgent deadlines and ask you to click on a link or visit a website urgently.
  • Do not enter personal information in pop-up screens. Companies generally do not use pop-up screens to ask for user information.

Akamai’s report on phishing attacks

Akamai, in its report has highlighted that among the phishing kits monitored by it over 262 days, 60% of kits were active for 20 days or less. It also found over 2 billion unique domains that appeared malicious. As per the report, 89% of the domains used for phishing had a lifespan of less than 24 hours and 94% had a lifespan of less than three days.

While the measures adopted against phishing attacks have been evolving over the years, the evasive and defensive techniques used by phishing kits have been evolving as well. Akamai’s report highlights some of the content-based evasion techniques used by phishing kits.

The major evasion techniques include CSS font evasion, randomly generated URLs, randomly generated sub-domains and HTTP user-agent filtering.
{{}}