Phishing boom: Microsoft and Google accounts at risk

In the third quarter of 2020, hackers used remote working to their advantage, bombarding inboxes with phishing emails to steal users’ identities.

Working from home is distracting and lowers attention. Cybercriminals know this and are taking advantage of it: the third quarter of 2020 saw a phishing boom, as shown by the latest data from Check Point Research.

In most cases, the cybersecurity company explains, these are “impersonation” attacks: phishing emails through which attackers try to steal the victim’s account by asking them to enter their login credentials on a fake screen that imitates the original Microsoft or Google one. If the user falls for this, within a few minutes they find themselves locked out of their account, because the hackers immediately change the login password. With that account, criminals are able to access many others, since the Microsoft or Google account is often used to sign in to different online services.

Phishing and identity theft: alarming data

In the third quarter of 2020, email was the most used platform for impersonation attacks, accounting for an incredible 44% of total attacks. Microsoft accounts were the most targeted by phishing attempts (19% of the total), followed by Google accounts (9% of the total).

Once a cybercriminal gets hold of a Microsoft account, they can also access the user’s Skype, Teams and Microsoft 365 profiles. With a Google account, they get into Gmail and the entire Google Workspace suite, not to mention all the sites the user signs in to with the main account. Finally, with direct access to the mailbox, it’s also possible to search it for login details for other sites.

How to defend against identity theft

Everything starts with an email, so the strategy to defend against phishing must begin in the email inbox. The first rule is to choose a good email service with a powerful spam and phishing filter. Then, if a message gets past the filter, it’s up to the user to do their part by always being wary when asked to enter their login details.

Checking the sender of the message is the first step; avoiding clicking on links and opening attachments is the second. Installing a good antivirus suite is equally important, and enabling two-factor authentication can save us as a last resort if the hacker has already entered our account.