Skip to main content

Phishing is now one of the most popular attack vectors

(Image credit: Image Credit: wk1003mike / Shutterstock)

Phishing, a cybercrime method in which scammers send legitimate-looking, but fake emails with the goal of gathering private data and turning in a profit, is still the most popular and most frequent cybercrime method out there.

This is according to F5 Labs’ latest Phishing and Fraud Report, which says phishing has been the top method for years now, and “this trend isn’t likely to go away anytime soon”.

Hackers are more than happy to use phishing because it’s super easy to execute and incredibly effective. With no firewalls in place, no zero-day vulnerabilities necessary to exploit and no encryption to decipher, it’s by far the simplest method.

All it takes is one gullible employee and they’re good to go. However, F5 Labs says employee training is on the rise, so coming up with a good-enough of an email, to have people click on the links inside, is getting more difficult.

At the moment, hackers are most often impersonating Facebook, Autodiscover, Apple, Chase, Office, WhatsApp, PayPal, Amazon, Microsoft, Netflix, iCloud and Office 365.

Most of the phishing websites (the malicious sites to which victims are supposed to go) are encrypted, which means that traditional intrusion detection systems are having a harder time spotting malicious code embedded within those sites.

But even worse is the fact that almost all of the websites (83 per cent) use legitimate certificates, which means browser certificate warnings won’t work and users will be easier to trick.

F5 Labs’ full report can be found on this link.