Security News > 2021 > September > Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?
Hackers are upping their game, using an approach I call "Deep Sea Phishing," which is the use of a combination of the techniques described below to become more aggressive.
In February, 10,000 Microsoft users were targeted in a phishing campaign which sent emails purporting to be from FedEx, DHL Express and other couriers which contained links to phishing pages hosted on legitimate domains, with the goal of obtaining recipients' work email credentials.
Attacks range from typical phishing emails to sophisticated spear-phishing schemes and "Whaling."
Unlike phishing, which casts a wide net, spear-phishing emails are highly targeted, going after a specific individual or organization.
These methods continue to work very well for the bad guys: In fact, according to a survey of MSPs worldwide, 67 percent of respondents indicated that phishing emails were the most common delivery channel for ransomware attacks.
An email just needs to hit at one vulnerable moment, with a lure that resonates with one employee who receives it, for that individual to click on a seemingly legitimate link in a phishing email to download an infected file.