Nine Major Phishing Attacks of 2018 (and How to Spot Them)

Phishing attacks are the most common type of cyberattack for good reason: because they work. If an attacker can convince you to click on a link in a phishing email and enter your credentials, it saves them a lot of trouble hacking into a network and cracking passwords.

The details of phishing scams change from year to year, depending on the pretexts that social engineers can use to convince you to click on a link or open an attachment. Here, we will discuss phishing email examples from some of the top phishing schemes of 2018.

1. Account Verification

One of the most common types of personal phishing emails targets users’ accounts on common social media or vendor sites. You’ll receive an email that appears to be coming from a major company (such as Facebook, Apple, Netflix or Amazon) stating that some issue exists with your account and that you need to sign in to correct it. Links within the email take you to a website that masquerades as that company’s legitimate site and asks for your login credentials. As a result, an attacker steals your login credentials for use on that site and to test for reuse on other common sites.

2. Cloud-Based File Sharing

Cloud-based file-sharing services like Google Docs, Dropbox and Office365 make business more efficient by providing a fast and easy way to share files and folders across teams. However, the frequency of use and the normality of receiving unexpected documents has made them a prime attack vector for phishers.

A common phishing attack consists of a link to what appears to be a shared file on Google Docs, Dropbox or some other file-sharing site. In reality, the link will point to a page pretending to be that file-sharing site and requesting a login. This can be (Read more...)