The origins of fraud date back to the ancient Greek and Roman empires, when savvy merchants cooked up schemes to borrow money from lenders only to avoid paying back their debts. Fast-forward thousands of years and fraud is as prevalent as ever. Today enabled by technology, phishing is the most commonly used deception strategy. Despite advances in phishing prevention, criminals regularly send successful phishing emails as a means to impersonate a trusted source and entice a victim to give up some sort of sensitive information. Email phishing has been the primary attack vector used on some of the most devastating cyberattacks to date such as Anthem, Home Depot and Sony Pictures.
While hackers have been phishing on the web for nearly two decades, they’re now using more sophisticated strategies, tools and techniques to achieve their objectives. In fact, modern phishing scams can be so sophisticated that even the most phishing vigilant people routinely fall victim. Criminals are also directly targeting businesses and starting to use artificial intelligence to find vulnerabilities. And with a growing infrastructure of black market tools and how-to guides, nearly anyone can now create a complex phishing campaign.
Phishing can be traced back to the early 1990s when a group of hackers created an algorithm to generate random credit card numbers to create phony AOL accounts. They eventually moved on to masquerading as AOL employees, messaging people for their private information. When AOL caught on in 1996, it used the term “phishing” when warning its members about the phone messages.
The early days of phishing represented a ‘Wild West’ type environment where lone criminals tried and tested new techniques. InfoSec Institute reports that most schemes were poorly designed, had grammatical errors and were easy to spot. But by 2003, cyber criminals started registering phony domains that were strikingly similar to those used by popular companies. That year, criminals sent phony PayPal messages to spread the Mimail virus, causing more than $9 billion in economic damages around the globe.
Since then, criminals have continuously worked to refine their strategies. Luckily for them, the advent of social media made it easier to gather a plethora of personal information that could be used to create authentic-looking messages. Due to overwhelming success, these “social engineering” and “spear-phishing” strategies have grown significantly in recent years, and according to Verizon’s Data Breach Digest, 90 percent of all data breaches are now enabled by such tactics.
Phishing attacks of the past were usually poorly-designed and a numbers game that hit as many people as possible with the hopes that a few would bite. Nowadays, attacks are more targeted, designed to avoid detection and increasingly sophisticated.
Here are the five ways phishing attacks have evolved into complex threats.
The IRONSCALES platform is designed for pre-and-post email delivery, always assuming that emails will pass through the prevention layer and find its way into the mailbox. The platform consists of four modules that work in tandem to prevent, detect and remediate email phishing at all phases of an attack’s lifecycle. The platform utilizes mailbox-level anomaly detection to analyze employees’ mailbox behavior to protect against hyper-targeted phishing attacks both before and after each bypasses’ gateway level solutions and lands in an inbox.
Our multi-layered and automated approach to prevent, detect and respond to phishing emails combines micro-learning phishing simulation and awareness training (IronSchool), with advanced mailbox-level anomaly detection (IronSights), automated incident response (IronTraps) and real-time automated actionable intelligence sharing (Federation) technologies. By providing protection at every stage of an email phishing attack, IRONSCALES’ customers reduce the time from email phishing attack discovery to enterprise-wide remediation from days, weeks or months to just seconds, with little to no security team involvement.
Let’s schedule a demo today.