In that report, Redmond showed phishing attempts increased 0.2% in Jan. 2018 and then 0.6% by October 2019. Indeed, Phishing was one of the only attack vectors that grew recently. Other attacks such as infections, malware, crypto-mining, and ransomware decreased. While software vendors are improving their solutions against Phishing, Microsoft says attackers are refining their techniques. This week, Microsoft continued to discuss phishing attacks in a blog post. The company detailed three specific phishing attacks seen during 2019.
Attack
Looking at one attack, it was multi-layered and involved bad actors targeting Google results. Attackers hijacked legitimate traffic from websites to filter them into websites they controlled becoming the top of Google search results. Elsewhere, the phishing campaign included sending emails to victims and directing them to Google search. It a search link was click and the user selected the top ranked site, they would end on a website under the control of the attackers. “When accessed by users in Europe, the phishing URL led to the redirector website c77684gq[.]beget[.]tech, and eventually to the phishing page. Outside Europe, the same URL returned no search results,” the company said.
