Microsoft’s Security team analyzes more than 6.5 trillion security signals a day to identify trends that could affect the digital landscape that we all live in. After scanning more than 470 billion email messages that have been sent and received by customers of its Office 365 platform, the company reports that malicious phishing attacks are on the rise, and not by a small margin — by a massive 250 percent. Worse, techniques used by scammers are becoming more proficient and harder to detect.
In Microsoft’s Security Intelligence Report — Volume 24, the team acknowledged that technology such as machine learning has been able to reduce a significant number of phishing attacks from succeeding, however, these manipulative attacks are still on the rise. Scammers who are choosing to run phishing attacks, a practice that aims to deceive a user and request sensitive information while masquerading as a trustworthy entity, have also begun to step up their game by diversifying their attacks.
According to Microsoft’s report, techniques used by phishers include domain spoofing, domain impersonation, user impersonation, text lures, credential phishing links, phishing attachments, and links to fake cloud storage locations. Using these methods phishing emails can appear to be sent from official domains or personal while presenting malicious files and links for a user to access. Emails may also contain malicious file attachments to aid the process.
When accessing your email, it is essential to take precautions against phishing — a practice that targets both individuals and businesses:
Never send sensitive information such as bank account information or passwords within an email
Always be sure to check the address from which an email was sent carefully
If ever in doubt, contact the person or institution in question to verify if they had sent you a legitimate email or if it might be fraud.
Microsoft’s report also revealed information on malware attacks such as ransomware and crypto jacking. Overall, users encountering malware have decreased by around 34 percent from last year. Microsoft notes that many malicious organizations chose to abandon high-maintenance ransomware attacks for more low-effort, and lucrative, crypto-jacking campaigns — an attack in which malware is unknowingly installed onto a user’s machine, using its resources to generate cryptocurrencies for the attacker.