In recent past, email based cyberattacks have become a new strategy for attackers to trick the victims. Security researchers have analyzed millions of such malicious emails and have summarized some key patterns used during the attacks in the past year. In most of the attacks, attackers have used the names of top-notch brands to attract the attention of the victims.
According to the researchers, cybercriminals are relying on both brand-specific lures as well as weaponized emails to target their victims. In most of the email-based attacks, attackers have imitated extremely popular brands to gain access to the network of the victims and steal credentials. Of all the malicious email lures, 45% of credential-stealing phishing attacks were Microsoft-themed attacks. These malicious emails contained a message, notification or file that included a link to a fake website asking users to login with Office 365 credentials.
Besides Microsoft, attackers have imitated other brands like Adobe, Google Forms, Dropbox, Box, DocuSign, and WeTransfer to carry out nefarious activities. Almost 17% of phishing emails were related to financial transactions, using invoice-themed lures, experts found. Attackers are increasingly using the GuLoader malware as a delivery mechanism for email attacks.
The new trends in email based cyber attacks have become a serious threat for all the organizations. Therefore, organizations are recommended to take email-based phishing attacks seriously and keep making regular investments to upgrade their security defenses.