Intelligent CIO APAC Issue 06 | Page 26

TRENDING
attackers are starting to embrace click farms. This entails dozens of remote ‘workers’ systematically attempting to log on to a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect.
Even a relatively low volume of attacks has an impact. As an example, Shape Security analyzed 14 million monthly logins at a financial services organization and recorded a manual fraud rate of 0.4%. That is the equivalent of 56,000 fraudulent logon attempts and the numbers associated with this type of activity are only set to rise.
Shape Security researchers also recorded an increase in the volume of real-time phishing proxies (RTPP) that can capture and use multi-factor authentication (MFA) codes. The RTPP acts as a person-in-the-middle and intercepts a victim’s transactions with a real website. Since the attack occurs in real time, the malicious website can automate the process of capturing and replaying time-based authentication such as MFA codes. It can even steal and reuse session cookies.
Recent real-time phishing proxies in active use include Modlishka and Evilginx2. F5 Labs and Shape Security are set to monitor the growing use of RTPPs in the coming months.
“Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way. Security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users,” Warburton concluded. “Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”