Cyber attacks defined as phishing are confirmed among the most used to lead to computer violations and steal personal, sensitive or banking data.
A phenomenon certainly not new, but which every year, in the reports of IT security companies, is confirmed among the main systems used and which experiences different evolutions from time to time to deceive more and more and better users.
In general, phishing attacks involve sending e-mails, to the highest number of people possible, which simulate well-known sites or brands in order to induce users to click on a link pointing to an infected web page from which it is installed malware or e-mails containing infected attachments on the PC. The high success rate of these attacks is based on the trust that the communication can generate in the recipient. For this they use logos, colors and names of well-known brands, companies or banking institutions.
New methods of delivering malware
Recently, experts have identified methods hitherto little used by cybercriminals to steal information. These include the use of Google Translate to create bogus sites: that is, pages in incomprehensible languages are created containing the link to the Google Translate service, which actually leads to a scam site. Another method used is to insert images without text which, however, contain a link which, if clicked, installs the malware on the victim's PC. These are methods devised to bypass the security checks of the various systems as well as to make it increasingly difficult for users to discover any fake emails. In fact, phishing attacks are the first step for more sophisticated attacks such as ransomware or financial fraud attacks or for accessing company systems from an employee's PC.
In the latter case in particular we speak of spear phishing, ie phishing attacks not addressed to the mass but to a specific subject. From the report prepared by the IT security company Barracuda, in 2022, 50% of the companies analyzed suffered a spear phishing attack