Microsoft warns of new phishing techniques in 2020

With the end of the year comes the trends of bankruptcy in terms of cyber threats. Among the major players in cybersecurity, Microsoft has just published a vast report on the main vectors used in attacks. 

For the past two years, phishing has experienced the greatest increase. While the number of ransomware and crypto-mining saw their number decrease, that of phishing by email went from 0.2% in January 2018, to 0.6% last October. A figure that looks ridiculous at first glance, but which in reality represents the percentage of phishing emails detected on the huge total volume of emails analyzed by Microsoft.

It is above all the phishing methods used that stand out for their level of sophistication. One of the most impressive was influencing Google’s search results by channeling traffic from legitimate sites to the sites of cybercriminals. Sites web targeted rise in Google’s results for some very specific terms. 

It is from this moment that cyberattackers carry out their email campaign. The post associates links with Google’s search results for the term they are working on SEO. When the victim clicks on the link and the first result of Google is the website controlled by the hacker, then the phishing page displayed.

False 404 Error Pages

Another paid method is the creation of untraceable pages displaying the 404 error. This process allows cybercriminals to bypass phishing detection systems . However, as soon as the user clicks on the link, it is automatically redirected to the trap. 

Finally, the third threat remains more classic, but formidable in effectiveness. Instead of copying the credible elements which constitute a real site, the attackers have developed a system which comes directly to recover all the real elements of the site and displays them on the trapped page. For the victim, there is no difference between the real site and that of the scammers. Only the site URL lets you know that it is a trap.