What tools are used to commit a phishing attack
A few of the types of tools used by hackers in phishing campaigns include the following:
• Domain name permutation engines to help them generate convincing-looking domains where their bogus service will be hosted.
• Legitimate email services (e.g., Gmail for Business) to manage the sending of messages.
• Email extractor tools to harvest large volumes of email addresses.
• Spam assessment tools that make it easier for scammers to create and edit messages in such a way that they avoid getting caught in spam filters.
• Tools like BeEF and SET to generate convincing login portals, steal credentials, and send mass phishing emails.
• ChatGPT to automate the creation of phishing emails.
1. Phishing is the single most common form of cyber crime. An estimated 3.4 billion emails a day are sent by cyber criminals, designed to look like they come from trusted senders. This is over a trillion phishing emails per year.
2. Email impersonation accounts for an estimated 1.2% of all email traffic globally.
3. Around 36% of all data breaches involve phishing.
Spear Phishing
Definition: Sending messages - ostensibly from a known or trusted party - to induce specifically targeted individuals to reveal information to take specific actions.
30. Spear phishing campaigns make up only 0.1% of all email-based phishing attacks, but they are responsible for 66% of all breaches.
31. 50% of large organizations were targeted with spear phishing in 2022, receiving an average of five spear-phishing emails a day.
Whaling
Definition: Also known as big phishing and CEO-fraud, this involves using precisely-engineered spoofing emails to trick senior figures within organizations into disclosing credentials, money, or information.
Common Features of Scams
A large proportion of attackers use fake messages that look as if they are from well-known companies. A growing number of attackers also seem to be putting AI to work to make their messages sound more convincing.
Top Phishing Brands
33. 55% of phishing attacks use established brand names to build credibility in their messages.
Phishing Trigger Words
36. The most frequently-used keywords used by phishing scammers in email subject lines:
Invoice
New
Message
Required
File
Request
Action
Document
Verification
eFax
VM