Microsoft recently released its annual security report, in which it highlighted the current software and security vulnerabilities that are commonly exploited by cybercriminals across the globe. The 178-page report cautions that online scammers are wont to pose as popular social media sites to launch phishing attacks against victims.
Cybercriminals are increasingly masquerading as popular online services like Facebook, Google, Amazon and eBay, in order to lure in more unsuspecting victims. Microsoft security researchers also pointed out that phishing attacks are now targeting individual users instead of banking institutions as it is comparatively easier to launch successful phishing campaigns against civilian users in comparison to stealing login credentials from banks, which usually have high-end security systems.
Microsoft chief security advisor Tim Rains told ZDNet: "Impressions for online services was higher than any other. We had more people trying to get to phishing sites for online services, and there are more sites dedicated to that. If you think about it, there are thousands of financial institutions around the world, so if you're going to phish financial institutions, you need to have lots of sites, but there's only one Facebook, there's only one Ebay, so what we see with those is a low number of sites, but with a high number of impressions."
Microsoft's SmartScreen Filter, which has been specifically designed to detect malicious websites, uncovered that over half of the websites identified as malicious by the system were part of phishing campaigns posing as online services. What is even more alarming is the amount of time it usually takes to detect an actual threat. Microsoft says that it takes an average of 240 days before a breach can be identified, Digital Trends reported.
Microsoft UK national security officer Stuart Aston opines that the increase in such cyberattacks can be attributed to the evolution of cybercriminals, who are now capitalising on prevalent cybersecurity threats to exploit their victims.
"The phishers are getting smart in a sense they are tying in to real-world events, because when an organisation gets hacked, all of a sudden there are phishing attempts naming that organisation. They're monitoring this stuff, so it's really important for consumers to make sure they're hovering over that link before they click it," he told ZDnet.
Microsoft's complete security intelligence report is now available for download here.