Spamhaus. Then there is the matter of scale, which Alex Vukcevic, head of the Avira Protection Lab, pointed out.
“It’s a question of marketing efficiency – and not that Americans are any more or less gullible than others. The United States is a huge market, relatively wealthy, and has one major language – and that has made spamming and phishing there more productive for the bad guys,” he said.
Phishing – whether the lure is love or a major discount – is a major security issue for those online. Jigsaw, Google’s security thinktank, estimates phishing attempts account for a whopping one percent of all emails. And that’s just the phishing emails – all together, spam messages make up about 45% of all email messages.
Success – at least from the cybercriminals’ perspective – is a numbers game with one response for roughly every 12.5 million messages sent out. To boost this level, they use a wide range of technical tweaks to hide the malicious messages from security software and work hard at crafting messages that will convince the target to click.
While phishing has been a part of the online experience for a long time, the way it is designed and delivered is constantly evolving. Here are four points to bear in mind to keep yourself from getting hooked by a phishing lure:
Phishing emails are progressively becoming more targeted thanks to the steady stream of data leaks. By parsing together various databases of passwords, account names, online activities, and even contact lists, cybercriminals have more detailed information than ever about their targets. While you may not be as important as say the leader of the US Democratic Party, you can still get a spear phishing email targeting just you.
Incoming phishing messages are getting more convincing. Not only is the language more grammatically correct than before, but cybercriminals are gleaning more information from hacked databases to make their messages more alluring and clickable. What once was a laughably fraudulent Nigerian princess in distress is now a notification from Dropbox or an alert from a SaaS company. There may even be someone’s name on the message who you actually know. After all, an e-card from a contact is far more believable than one from an unknown name.
Phishing attempts are working harder at hiding from security apps. To avoid detection, their malicious payload is often not included directly with the phishing message in your inbox. Instead, they use new distribution channels such as instant messaging apps to get their news out. And since security software often filters malicious phishing pages, the cybercriminals are expanding their use of legitimate – but compromised – websites to distribute malware.
The number one security variable when it comes to phishing attempts is the device owner – you. Enhancing your security requires a healthy dose of skepticism (no, I don’t want to click on that Valentine’s card from an unknown admirer) and technical awareness:
|Country||Blocked phish detections|
|Avira data collected between Dec. 2018 – Jan. 2019. Country population data from Wikipedia.|