Category Archives: Phishing

Phishing remains popular and is increasingly widespread. It is very dangerous and can lead to compromised computers. We keep our readers informed of developments and the latest news.

France: What is the state of phishing for the year 2020

Earlier this week, cybersecurity vendor Proofpoint released a report on a study of phishing, its practices and its consequences.

The document is titled "State of the Phish."

The study was conducted under quite special conditions, since the year studied was a special year too. In 2020, cyberattacks increased quite significantly, as we all know, and the majority of them relied on phishing. This is clearly in line with the situation faced by the majority of Internet users during this period. Because of the pandemic, millions of people found themselves having to collaborate remotely, and telecommuting exploded. Taking advantage of this situation, and knowing that the majority of Internet users were not up to date with good practices in the use of digital tools, cybercriminals made the most of phishing. Apart from work, lockdown and the fears born of the coronavirus pandemic made it much easier to divert the attention of Internet users.


In practice, the report reveals that nearly 74% of U.S. companies, for example, faced phishing attacks in 2020, an increase of almost 14% compared to 2019. Globally, 57% of companies were hit by phishing attacks that succeeded. The countries least affected were France and Germany.

The report concluded that:

– 60% of phishing attacks resulted in data leaks in 2020;

– 52% of these attacks resulted in account compromise;

– 47% were the source of ransomware attacks;

– 19% resulted in financial fraud;

– 29% resulted in malware intrusion into the computer systems of targeted companies.

Moreover, companies that end up paying the ransoms demanded by cybercriminals are becoming more and more numerous. This increase, of course, has to be put into perspective depending on the country. Globally, 34% of companies affected by this type of cyberattack have given in to the blackmail of hackers. In Germany, 86% of companies gave in, while in the United States the figure was 68%.

It is worth noting that France, in a certain sense, scores very well in terms of computer security. Indeed, only 18% of companies affected by ransomware attacks gave in to the pressure of hackers. 78% of companies that agreed to pay the ransom demanded were able to recover their data, which is also a global record, whereas only 60% of companies that give in to blackmail recover their data.

The report also noted growing awareness on the part of companies, which are beginning to deploy more and more resources to combat this phenomenon. As a result, several organizations now raise their staff's awareness on an ongoing basis. But this has yet to become widespread, as only 39% of cybersecurity professionals in France confirmed that they are raising awareness among their staff. Globally, only 53%

There are still many employees who are not yet aware of the risks associated with emails and attachments. Although telework has pushed nearly 77% of companies in France to shift to remote work, only 38% have actually trained their employees. This clearly demonstrates the gap between what should be and what is.

It should also be noted that 40% of companies have decided for some time to set up awareness sessions at least once a month. However:

– In 24 percent of companies, awareness sessions amount to less than one hour per year

– In 42 percent of companies, about 1 to 2 hours per year

– 2 to 3 hours a year in 17 percent of them

– Only 4% provide nearly 30 minutes of awareness per year on phishing issues.

In addition, the companies have decided to take action. Indeed:

– 43% of organisations in France reprimand their employees who have been trapped at least twice. 55% of companies do so globally.

– In France, 26% of companies dismissed employees for gross misconduct after they were trapped in a phishing attack. This is the case for 20% of companies worldwide.

– 72% of companies in France said that reprimand systems have improved awareness against phishing

– 80% of organizations acknowledged that awareness and staff training have significantly reduced the generality of such attacks.

According to Proofpoint's report, the 10 themes that have been most used in phishing are:

– New Teams Query

– Coronavirus alerts and health warnings

– Office 365 password expiry note

– OneDrive account deactivation

– OneDrive Sharing Notifications

– Starbucks Bonus

– Coronavirus Health Information from the World Health Organization WHO

– New voice message alert

– OneDrive File Massive Delete Alert

– UPS Shipping Notice


The phishing site: a continuous proliferation

Users of digital services will never be safe from phishing.

At least not at the moment. According to estimates by computer security experts, this malicious practice experienced a significant boom, especially in 2020. We are talking about a record number.


The American web giant Google, with its powerful search engine, has managed to detect nearly 2 million websites built specifically for phishing, a more than surprising figure. This can be explained in particular by the health crisis that shook the world during 2020, a crisis which, it must be remembered, led to a much more massive use of computer security solutions. This shift has greatly enabled cybercriminals to fine-tune their malicious strategies.

According to the American company, it was possible to detect nearly 18 million attackers per day. A textbook case is the Doctolib site, which was booby-trapped by scammers.

In its latest "Google Transparency Report and statistical", published on November 27, the four-color company expresses alarm about phishing practices. The company claims to have detected nearly 46,000 phishing websites per week. The first half of 2020 was a pretty interesting time for hackers: during this period Google observed 58,000 phishing attacks per week. During the second half of the year, these attacks fell somewhat, to the 42,000 mark per week.

The root cause of this increase in computer attacks is nothing other than the rather massive shift to remote collaboration. Cybersecurity experts have confirmed that the increase in attacks coincides with the period of lockdown and therefore of telework. This period, as mentioned above, went hand in hand with a fairly massive use of computers, while the majority of users are not up to date on the right methods for healthy use of IT solutions. In this context, cyber malice has literally doubled in intensity. The large flow generated by this intensive migration to digital tools encourages hackers to develop more and more attacks and malicious practices.

"The panic of the pandemic and the IT insecurity involved due to the increase in Internet use but also the panic caused by the pandemic, users are no longer vigilant enough, especially in terms of computer security," Google says. "It's important to get security and compliance to protect emails, data and users. Unverified downloads or online purchases and orders on any type of site are among the open doors to phishing and all types of Internet scams. In March 2020, concerns about the increase in telework-related computer attacks were addressed."


U.S. company tests employees with phishing

Recently, an American company decided to test all of its staff.

The test consisted of emailing employees an offer of a Christmas bonus. The objective, of course, was to test their resistance to the classic method of phishing, a technique widely used by cybercriminals.


The company, GoDaddy, specializes in the management of domain names on the Internet and is one of the largest in its sector. It gave its employees something to look forward to by offering them fake Christmas bonuses. This full-scale security test paid off to some extent, as a large proportion of the staff were trapped. Yet the employees did not really appreciate it, and felt fooled.

The events took place during the first half of December 2020. Nearly 500 employees inadvertently clicked on a link that promised them $650 as a Christmas bonus. To access this amount, they had to fill out a form that asked for several pieces of personal information.

"You receive this email because you failed our recent phishing test. You will have to resume your safety awareness training," read the email received by employees two days after being trapped.

Several American media outlets have reported these facts. Within the company, employees did not hide their displeasure.

As a reminder, phishing is a technique widely used by cybercriminals. According to computer security specialists, the majority of computer attacks were initiated on the basis of phishing. The technique remains basic but has continued to claim victims for years. The employee or individual on the Internet is redirected to a website where he is made to believe that he is carrying out a totally legitimate action. Through a lack of vigilance, victims entrust their personal data to hackers, who will later use it to carry out other malicious acts. The event at the American company demonstrates what everyone already knew: users of digital services clearly lack vigilance and good digital hygiene.

Realizing that its employees didn't like the improvised test at all, the U.S. domain name management company wanted to explain itself through a press release: "We learned that some employees were upset by our phishing attempt and found it cruel, and for that we apologized," said a GoDaddy spokesperson, continuing to the French news agency: "Although the test has mimicked real attempts (computer attacks) that are taking place today, we need to improve and show more empathy towards our employees."


AllAntiCovid: a phishing campaign targets app users

A phishing campaign that specifically targets Android users has been detected.

The situation was analyzed by the online media outlet Numerama.

The hackers decided to send a text message posing as the French government. The goal is to push the people targeted by the SMS to download the AllAntiCovid tracing app. Of course, this is not the real application but rather a banking Trojan.


The messages began to appear on Wednesday, December 2, 2020. All French citizens were then asked to be very careful. AllAntiCovid's Twitter account indicated that the phishing campaign ended on the same day, December 2.

Yet people continue to receive this kind of suspicious message asking them to download the app. The structure of the SMS is similar to that of the one sent by the government not long ago, but there are clear differences for anyone who is attentive and vigilant.

To begin with, the URL in the message is already likely to arouse mistrust. It is a "Bit.ly" shortened link, while the main address used by the government in its messages is "http://bonjour.tousanticovid.fr." Worse, the shortened link contains the word "AntlCovid19", which tries to look as much as possible like the link used by the government, as highlighted by the CyberWar platform.

Other details also stand out. The "i" in "AntlCovid19" has been replaced with a similar-looking character so as not to attract attention, but it is not the same letter. This is a common technique, in which characters are combined so that a word resembles another one while being totally different, for anyone who does not look closely. In addition, the message used in the phishing campaign comes from "GOUV.FR", whereas the official authorities use "Gouv.fr." These details are very useful for telling a phishing message from an official one.

The URL in the phishing message leads directly to a platform clearly controlled by cybercriminals. It is a website that takes on the appearance of an official website, with the visual identity that goes with it. There, the user is pressured to download an APK file called "tousanticovid.apk". As a result, only Android phone users can download and install the app, whereas the official app can be used on both iOS and Android. That alone should attract attention.
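The indicators described above (shortened link, look-alike spelling, sender ID case, APK download) can be checked mechanically. The following is an added example, not code from Numerama, CyberWar or the original article; the function names, the confusable-character table and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Values below come from the article; the sample messages are constructed.
OFFICIAL_HOST = "bonjour.tousanticovid.fr"
OFFICIAL_SENDER = "Gouv.fr"
BRAND = "anticovid"
SHORTENERS = {"bit.ly"}  # only the shortener the article names

# Fold characters that are commonly swapped for a look-alike (assumed table).
CONFUSABLES = str.maketrans({"l": "i", "I": "i", "1": "i", "|": "i", "0": "o", "O": "o"})

def skeleton(text):
    """Canonical form in which 'AntlCovid' and 'AntiCovid' compare equal."""
    return text.translate(CONFUSABLES).lower()

def lookalike_tokens(text):
    """Tokens that fold to the brand name without literally containing it."""
    tokens = re.findall(r"[A-Za-z0-9|]+", text)
    return [t for t in tokens if BRAND in skeleton(t) and BRAND not in t.lower()]

def analyze_message(sender, body):
    """Return the list of indicators found in one SMS (or landing-page link)."""
    findings = []
    # Same letters as the official sender ID but different case.
    if sender != OFFICIAL_SENDER and sender.lower() == OFFICIAL_SENDER.lower():
        findings.append("sender-case-mismatch")
    for url in re.findall(r"https?://\S+", body):
        parsed = urlparse(url.rstrip(".,;)"))
        host = (parsed.hostname or "").lower()
        if host in SHORTENERS:
            findings.append("url-shortener")      # real destination is hidden
        elif host != OFFICIAL_HOST:
            findings.append("unofficial-host")
        if parsed.path.lower().endswith(".apk"):
            findings.append("apk-download")       # sideloaded Android package
    if lookalike_tokens(body):
        findings.append("lookalike-brand")
    return findings

# Constructed samples (placeholders, not the real campaign messages).
PHISH = ("GOUV.FR", "Download the app: https://bit.ly/EXAMPLE-AntlCovid19")
OFFICIAL = ("Gouv.fr", "AllAntiCovid: download at http://bonjour.tousanticovid.fr")
LANDING = ("", "https://landing.example/tousanticovid.apk")

if __name__ == "__main__":
    for sender, body in (PHISH, OFFICIAL, LANDING):
        print(sender or "-", analyze_message(sender, body))
```

The look-alike check compares a folded "skeleton" of each token with the brand name, so it flags the substituted character without needing a list of known bad spellings.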

In reality, before installing the malicious application, the user is asked to disable Google Play Protect, so as to facilitate its intrusion into the victim's device in order to steal data, mainly banking data because of the nature of the malware. The nature of the malware was specified by Maxime Ingrao, a researcher specializing in computer security and Android at the firm Evina.

"From your ID to your password to dual authentication SMS, the virus captures all the data you need to get it right. Collecting those from your Facebook or WhatsApp accounts is also not a problem," says the security expert.


Phishing or the problem of a persistent threat

Today phishing remains a classic when it comes to cyber malice.

Computer hacking is generally identified with acts of infiltration, and we often forget that the majority of computer attacks could not succeed without some phishing campaigns beforehand. Indeed, this rather simple technique is formidably efficient at collecting personal data: through trickery, cybercriminals manage to push Internet users to hand over their information themselves.


Recently, a company specializing in email security produced a report on how computer practices stand up to phishing. The report is based on a study conducted among nearly 317 IT and security professionals in the United States. The report states that:

– Half of those surveyed said that their company has observed an increase in phishing campaigns, especially since the coronavirus officially became a pandemic

– A third of professionals say that computer attacks through files have become more effective since January

– Overall, out of 187 phishing attacks per month, only one was stopped or even found, making an average of 40 per day

– Respondents estimated that 6% of phishing attacks can result in data or system violations.

GreatHorn, the email systems protection company, notes that respondents have greatly improved the way they handle phishing campaigns. Their reaction time has improved significantly:

– According to 40% of respondents, it would take less than an hour to handle a phishing attack, while 15 percent of respondents indicated that it would take between one and four days to effectively respond to this problem

– According to 38% of respondents, at least one person has been affected by a phishing campaign in their company

– The majority of respondents felt that the age of the employees has no impact on this type of attack

– 62% of professionals surveyed believe that regardless of the age of the user or employee, the risk of being affected by a phishing attack is the same.

Contrary to the popular belief that the employee is generally the weak link in business cybersecurity, the majority of the professionals interviewed for the study recognized that heads of companies, in this case CEOs, are much more likely to be the weak points of security, especially in the face of phishing. According to 56% of professionals surveyed, business executives are generally the main targets, while only 51% felt that newcomers could be the main problem.

40% of professionals feel that the blame for falling victim to a phishing attack reflects badly on the employee. They felt that this was "re-reflecting on the employee." In this regard, 29% say that security teams should be considered partly to blame when an attack of this kind occurs.

In terms of awareness and its impact in the fight against cybercrime, 75% of professionals surveyed felt that their organization regularly organized training sessions. However, these sessions do not seem to be enough because they are not frequent enough. One-third of organizations hold them once a year, and only 30% do so every semester. Their effectiveness can be called into question at such a low frequency. According to 36 percent of respondents, it is not clear whether their colleagues would be able to spot and discard a phishing email.

Moreover, despite the increase in phishing-based attacks, 51% of professionals indicate that their security budget has not been revised upwards, even during the coronavirus pandemic. Some even mentioned a reduction.

"With such a large share of these successful attacks, the time wasted to remedy them can have a negative impact on productivity and profitability. Today, it is more important than ever that companies provide their employees with the knowledge and tools they need to recognize and repel phishing attacks," said Kevin O'Brien, CEO of GreatHorn.
