A new study by Internet security company IHS reveals that most modern sms services are vulnerable to phishing attacks, while many still rely on old fashioned mail-based methods to trick users.
“We have observed numerous phishing campaigns that have targeted a variety of services including email and chat,” said Brian Tresnjak, research director at IHS.
“Our investigation has found that many of these phishing tactics appear to be fairly easy to replicate.
The main problem is that most of the providers in the market are not using modern phishing tools.
The majority of the phishing techniques are very old-fashioned mail-forwarding or spam-spoofing methods.””
These phishing attempts use the same kind of techniques used to trick unsuspecting people into installing malware on their computers, which we found to be highly effective.
This makes them very hard to spot, especially as most of them appear to have been used for years.”
Tresnk’s study also found that most providers don’t provide a complete list of the domains that users can access from their websites, or even a way to easily filter out fraudulent phishing emails.
In addition, many providers provide outdated information on the domains they list on their sites.
While phishing and spam attacks have historically been more common on mail-enabled services like Gmail and Yahoo Mail, IHS said the phisher-turned-victim of these tactics is more likely to be the one who gets tricked.
“The most common method of attack involves sending a phishing email, which is a phish-style email that trick the user into clicking a link on the site.
The email contains a malicious link that directs the user to a page that redirects to an email address that has the same name as the malicious link,” Tresneks said.
“This form of phishing can be used to take advantage of vulnerable accounts or websites that don’t have strong anti-spam or anti-malware measures in place.”
The study also discovered that a vast majority of providers have not implemented measures to prevent phishing or spam attacks, including not including any type of anti-phishing tool in their software, including tools that would detect when users click on links to phish or spam sites.
“Our findings suggest that many providers have no protections in place to block phishing, spam, or malicious emails and that their services are simply not updated to keep up with the latest threats,” Trews said.
“Many providers don, in fact, not even require their users to opt-in to receiving emails from phishing sites, or to disable their browser filters to help block malicious links or redirect to legitimate sites.
These are not simple or simple to implement measures that users may not be aware of.”
Treks added that the lack of an effective anti-Phishing strategy could be the cause for the rise of spam phishing scams.
“While spam phishers may use old techniques, they are more likely than phishers to target the Gmail and email accounts of people they know or trust, or their friends or family,” he said.
In addition, the research found that phishing schemes have become increasingly sophisticated.
The number of phishers attacking a specific service doubled in the first half of 2016, from nearly 1 million phishers in 2013 to over 5 million in 2016.
“These are phishing groups that have been able to quickly and cheaply spread fake content and fake information on sites like Twitter and Facebook, which are often used by victims of phish attacks,” Tretrs said.
While the IHS study didn’t look at the effectiveness of phisher tactics against email services, it did note that the spam and phishing methods used to lure victims into clicking on fraudulent phished links have changed dramatically.
In 2015, the spam methods used in phishing phishing were often phishing-based, Tresner said.
In 2016, the spammers used spam phish tactics were much more complex.
“Phishing is now often using multiple tactics, such as spam, phishing scripts, and malicious attachments.
These new phishing strategies also involve more advanced techniques, including using malicious attachments,” he added.
The IHS report was conducted over a year ago and did not include a direct comparison of the effectiveness and security of phished-based spam and spam-based phishing.
However, the report does note that phishers who use spam phishes and phish scripts have developed new techniques to target users.
“Many of these new spam phisher attacks are designed to take the victim to phished sites,” Trennks said, “so these new phisher techniques may be even more effective in phishers targeting their own customers than the old spam phisis.”
“Our results suggest that we are not immune from phish,” Treks said “However, there are many ways to defend against phishing.”