At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Phishing and Scam Pages Increase by 153% as Cybercriminals Seek to Establish Credibility

    phishing-websites

    As part of either impersonating known brands or simply leveraging credible cloud services, the use of a web page as part of an attack has become a staple for threat actors.

    According to security vendor Bolster’s 2022 State of Phishing & Online Fraud Annual Report, there were over 10.5 million pages built in 2021 by cybercriminals to trick victims into giving up credentials, banking details, or personal information. That equates to just under 890,000 pages a month!

    What’s really disturbing is the overwhelming focus on tech companies as victims; according to the report, the number one vertical targeted was the Technology sector, representing 30% of all attacks. What makes this disturbing is the growth in supply chain attacks (e.g., the Solarwinds attack early last year) that could give hackers entrée into a vendor that would potentially provide access to thousands of customer networks.

    To accomplish this, cybercriminals are continuing to impersonate some of the most well-known brands. According to the report, the top brands impersonated are Microsoft, Facebook, Amazon, Apple, Adobe, and Netflix – with Microsoft being so dominant that they outpace the total of the others combined! The malicious web content is also being hosted with reputable providers including: Cloudflare, Google, and Amazon.  And emails are being sent predominantly (72% of the time) via Gmail.

    All of this is done to trick security solutions into thinking because the hosting, the domains, and the email platforms are all credible, that the phishing and scam emails must be equally credible.

    This leaves the user as the last line of defense – where Security Awareness Training is the proper layer to be put into place, educating users on how to identify scams with a heightened sense of vigilance. By implementing this layer, emails and web content that make their way past security solutions will be spotted and stopped in their tracks by users – well before the content has any ability to do damage.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST Results

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top