Line 12: |
Line 12: |
| | | |
| ===Cybersquatting=== | | ===Cybersquatting=== |
− | According to [[APWG|The Anti-Phishing Working Group]], the number of [[cybersquatting|cybersquatted]] domain names used in conjunction with [[phishing]] has fallen to only 2% of attacks in 2012. A report identified 64,204 phishing domains in total, of which only 12% is suspected by APWG as being registered by the phishers. The rest were compromised accounts owned by third parties. More than half of phisher-owned domains were in [[.tk]], a registry that offers free registration.<ref>[http://domainincite.com/10861-only-2-of-phishing-attacks-use-cybersquatted-domain-names Only 2% of phishing attacks use cybersquatted domain names]. Published 2012 October 25. Retrieved 2012 November 13.</ref> | + | According to [[APWG|The Anti-Phishing Working Group]], the number of [[cybersquatting|cybersquatted]] domain names used in conjunction with [[phishing]] fell to only 2% of attacks in 2012. A report identified 64,204 phishing domains in total, of which only 12% is suspected by APWG as being [[Malicious Domain|registered by the phishers]]. The rest were [[Compromised Domain|compromised accounts]] owned by third parties. More than half of phisher-owned domains were in [[.tk]], a registry that offers free registration.<ref>[http://domainincite.com/10861-only-2-of-phishing-attacks-use-cybersquatted-domain-names Only 2% of phishing attacks use cybersquatted domain names]. Published 2012 October 25. Retrieved 2012 November 13.</ref> |
| + | |
| + | ===Combating Phishing with Next Generation Passwordless Authentication=== |
| + | "WinMagic's MagicEndpoint Passwordless Multifactor Authentication will ensure your systems are secure and easy to access. Turn regular devices into security keys. <ref>[https://www.winmagic.com/products/passwordless-authentication Winmagic]</ref> |
| | | |
| ==Types of Phishing Practices== | | ==Types of Phishing Practices== |
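Review bot: The added section "Combating Phishing with Next Generation Passwordless Authentication" reads as vendor advertising rather than reference content: it is a product pitch ("will ensure your systems are secure and easy to access") sourced only to the vendor's own product page, and its opening quotation mark is never closed. Suggest dropping the section, or replacing it with a neutral description of how passwordless authentication relates to phishing, cited to an independent source and placed with the protective measures rather than directly after Cybersquatting. In the reworded Cybersquatting paragraph, "only 12% is suspected" should read "are suspected".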
Line 24: |
Line 27: |
| * DNS-Based Phishing also referred to as "Pharming" <ref>[http://pcworld.about.com/od/emailsecurity/Types-of-Phishing-Attacks.htm Phishing types]</ref> | | * DNS-Based Phishing also referred to as "Pharming" <ref>[http://pcworld.about.com/od/emailsecurity/Types-of-Phishing-Attacks.htm Phishing types]</ref> |
| * Voice phishing, which is a rather new form of phishing: users will receive an email allegedly from their favorite websites and will be requested to call a fraudulent number and update their information, which will then be stolen by the hacker.<ref>[http://www.spamlaws.com/voice-and-spear-phishing.html Voice phishing]</ref> | | * Voice phishing, which is a rather new form of phishing: users will receive an email allegedly from their favorite websites and will be requested to call a fraudulent number and update their information, which will then be stolen by the hacker.<ref>[http://www.spamlaws.com/voice-and-spear-phishing.html Voice phishing]</ref> |
− | * Tabnabbing, which takes advantage of multiple tabs which Internet users may frequently use and redirects the Internet user to the wrong website. <ref>[http://www.crustiz.com/web-2-0/tabnagging-new-phishing-attack/ Tabnagging]</ref> | + | * Tabnabbing, which takes advantage of multiple tabs that Internet users may frequently use and redirects the Internet user to the wrong website. <ref>[http://www.crustiz.com/web-2-0/tabnagging-new-phishing-attack/ Tabnagging]</ref> |
| * Pop-up windows which may appear from legitimate and original websites but request financial and credential information. | | * Pop-up windows which may appear from legitimate and original websites but request financial and credential information. |
| | | |
| ==Protection against Phishing Practices== | | ==Protection against Phishing Practices== |
− | In order avoid being a victim of phishing, Internet users should take the following into consideration: | + | In order to avoid being a victim of phishing, Internet users should take the following into consideration: |
| # Avoid or delete mass emails | | # Avoid or delete mass emails |
| # Install anti-phishing software | | # Install anti-phishing software |
| # Avoid password authentication services | | # Avoid password authentication services |
| # Ignore emails requesting financial information updates | | # Ignore emails requesting financial information updates |
− | # Use spam filters to eliminate phishing emails. This solution relies on natural language processing methods and is able to substantially reduce the amount of phishing emails. | + | # Use spam filters to eliminate phishing emails. This solution relies on natural language processing methods and is able to substantially reduce the number of phishing emails. |
| # Do not trust impersonal emails | | # Do not trust impersonal emails |
| # Be suspicious regarding email links | | # Be suspicious regarding email links |
| # Submit credit card information only on secure websites with secure payment options.<ref>[http://www.anti-phishing.info/avoid-phishing.html Phishing protection]</ref> | | # Submit credit card information only on secure websites with secure payment options.<ref>[http://www.anti-phishing.info/avoid-phishing.html Phishing protection]</ref> |
| + | |
| + | ==Trajectories== |
| + | In the early 2020s, phishing began growing in popularity among [[Threat Actor|threat actors]] even as [[DNS Abuse]] in general appeared to trend down.<ref>[https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf DNS Abuse Trends Retrospective, ICANN Files]</ref> |
| + | |
| + | On July 19, 2022, [[Interisle Consulting]] reported that: |
| + | * phishing attacks were up by 61 % over the previous year, |
| + | * phishing reporting went up by 72 %, |
| + | * 76% of domains for phishing were registered with nTLDs (34% were split between [[.com]] and [[.net]], |
| + | * phishers are targeting big tech brands, and |
| + | * cryptocurrency phishing increased by 257 %.<ref>[https://interisle.net/PhishingLandscape2022-ExecutiveSummary.pdf 2022 Phishing Landscape Executive Summary, Interisle]</ref> |
| | | |
| ==References== | | ==References== |
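Review bot: In the new Trajectories list, the item "76% of domains for phishing were registered with nTLDs (34% were split between [[.com]] and [[.net]]," opens a parenthesis that is never closed, and the two figures sum to 110%, so as written they cannot both be shares of the same total. Please check both numbers against the cited Interisle executive summary and state what each percentage is a share of. Minor points in the same list: percent spacing is inconsistent ("61 %", "72 %", "257 %" versus "76%", "34%"), "are targeting" breaks the past tense of the other items, and "nTLDs" should be spelled out or linked on first use.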