The constant evolution of phishing

Posted: Sat Feb 01, 2025 10:46 am
by tasnim98
The constant evolution of phishing is one of the keys to its continued existence. According to data shared during the BlackHat presentation, 68% of phishing emails blocked daily by Gmail are made up of new variants that have never been seen before, forcing human and technological defense mechanisms to adapt quickly to prevent these attacks. This is compounded by an education problem, since, according to figures shared by experts, 45% of Internet users do not fully understand what phishing is.

The art of persuasion through emails
Another aspect that explains the prevalence of phishing is that those responsible for designing these campaigns have become experts in persuasion. According to a study conducted by Daniela Oliveira, cybercriminals have become masters in managing psychological manipulation techniques. Our ability to detect a scam varies from person to person, since there are a large number of factors that influence the decision we make when faced with a phishing email, such as personality, mood at a specific moment, cognitive motivation, emotional intelligence and even hormonal factors. Therefore, when we are in a good mood and our levels of oxytocin, serotonin and dopamine increase, we are more likely to be deceived, while when cortisol levels are high (commonly associated with stress), we are more likely to be cautious and attentive.

As Daniela Oliveira describes, there are three common persuasion tactics in phishing emails: the use of an authority respected by the user; the promise of economic benefit if the individual interacts with the email (or economic loss if ignored); and, finally, the appeal to the emotional factor.

Many phishing campaigns are targeted at specific people.
Another aspect to understand why phishing is still used by cybercriminals is the personalization of campaigns. Based on the emails that Google blocks daily, they have developed a categorization according to the degree of specificity of their attack targets. Thus, on the one hand, there are attacks known as “spearphishing”, which are those personalized emails that are directed at a specific person within an organization. Previously, we have published on WeLiveSecurity analyses of a large number of malware campaigns that start with this type of specially targeted emails, such as the analysis of Machete and its ongoing cyberespionage campaign focused on government organizations in Latin America in early August.

Another category, called “boutique phishing,” corresponds to personalized phishing campaigns – not as many as the previous ones – that target a few dozen individuals or organizations. Finally, the third category corresponds to mass phishing emails, which are those addressed to thousands of individuals or organizations.

Interestingly, boutique phishing campaigns last just seven minutes, while mass campaigns are active for an average of 13 hours.

In terms of targeting, according to Google, the majority of phishing campaigns target Gmail, with many of the campaigns focusing on end users, while campaigns targeting business profiles target a limited number of individuals. Furthermore, business profiles are almost five times more targeted than end users, followed by non-governmental organizations.

As for the pages used, 42% of phishing attacks rely on pages that pretend to be legitimate email service sites, with the aim of tricking victims into entering their login details. In second place, 25% of the campaigns impersonate cloud services, followed by pages pretending to be from financial institutions (13%), e-commerce sites (5%) and delivery services (3.9%).

How to avoid falling victim to a phishing campaign
While phishing campaigns have evolved to become more attractive, education remains a key factor in reducing the number of victims of this type of attack. Therefore, Google has published an online quiz to test users' ability to recognize a phishing email, in an attempt to train more people to be able to recognize whether they are faced with a suspicious email or not.
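The three persuasion tactics described above (a trusted authority, a promised gain or threatened loss, and an emotional push) are exactly the cues a mail-triage rule can look for. The following script is an added example, not code from the original post or from Google or ESET; the cue phrase lists and the sample messages are constructed for illustration, and the idea that a message hitting two or more of the three tactics deserves a closer look is an assumption of this example, not a figure from the page.

```python
import re
from dataclasses import dataclass

# Constructed phrase lists, one per persuasion tactic named in the post.
# They are illustrative, not a production filter's rule set.
AUTHORITY_CUES = [
    r"\bIT department\b", r"\bsecurity team\b", r"\bCEO\b", r"\bbank\b",
    r"\bofficial notice\b", r"\badministrator\b",
]
MONEY_CUES = [
    r"\brefund\b", r"\bprize\b", r"\bbonus\b", r"\binvoice\b", r"\bpayment\b",
    r"\bwire transfer\b", r"\baccount (?:will be )?(?:suspended|closed|charged)\b",
]
EMOTION_CUES = [
    r"\burgent(?:ly)?\b", r"\bimmediately\b", r"\bwithin \d+ hours?\b",
    r"\bfinal (?:warning|notice)\b", r"\bact now\b", r"\bunusual activity\b",
    r"\bcongratulations\b", r"\byou have been selected\b",
]


@dataclass
class CueReport:
    """Which phrases matched each tactic; score counts tactics present (0-3)."""
    authority: list
    money: list
    emotion: list

    @property
    def tactics_present(self) -> list:
        return [name for name, hits in (("authority", self.authority),
                                        ("money", self.money),
                                        ("emotion", self.emotion)) if hits]

    @property
    def score(self) -> int:
        return len(self.tactics_present)


def find_cues(text: str, patterns: list) -> list:
    """Return every phrase in text that matches one of the patterns (case-insensitive)."""
    return [m.group(0) for p in patterns for m in re.finditer(p, text, re.IGNORECASE)]


def analyse(subject: str, body: str) -> CueReport:
    """Score a message by how many of the three persuasion tactics it combines."""
    text = f"{subject}\n{body}"
    return CueReport(
        authority=find_cues(text, AUTHORITY_CUES),
        money=find_cues(text, MONEY_CUES),
        emotion=find_cues(text, EMOTION_CUES),
    )


def triage(subject: str, body: str, threshold: int = 2) -> str:
    """'review' when at least `threshold` tactics co-occur, else 'pass'.

    A single cue (an invoice, a deadline) is normal business mail; the
    combination of tactics is the stronger signal. The threshold is an
    assumption of this example, to be tuned on the reader's own mail.
    """
    return "review" if analyse(subject, body).score >= threshold else "pass"


# Constructed sample messages for demonstration.
PHISH_SUBJECT = "Urgent: your account will be suspended"
PHISH_BODY = ("This is an official notice from the IT department. Unusual activity "
              "was detected. Confirm your payment details within 24 hours or your "
              "account will be closed.")
BENIGN_SUBJECT = "Lunch on Thursday?"
BENIGN_BODY = "Hi, are you free for lunch on Thursday? The new place by the park opened."
INVOICE_SUBJECT = "Q3 invoice attached"
INVOICE_BODY = "Please find the invoice for Q3 attached. Let me know if you have questions."

if __name__ == "__main__":
    for subj, body in ((PHISH_SUBJECT, PHISH_BODY),
                       (BENIGN_SUBJECT, BENIGN_BODY),
                       (INVOICE_SUBJECT, INVOICE_BODY)):
        report = analyse(subj, body)
        print(f"{triage(subj, body):6}  score={report.score}  "
              f"tactics={report.tactics_present}  subject={subj!r}")
```

Run as a script it prints one line per sample; the constructed phishing message hits all three tactics, the invoice hits only the money cue, and the lunch note hits none. Used on real mail, the matched phrases in the report are what an analyst or a user-awareness trainer can point to when explaining why a message was flagged.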