See the Phishing Threats You're Missing Now​

Most phishing protection can’t stop 75% of the latest sophisticated phishing attacks.

Explore the Top Five Phishing Threats

Click through below for our guide to the latest phishing attacks getting up to a 24% click-through rates from business users.

Credential Stealing

Credential stealing is the leading cause of account takeovers. In the last six month SlashNext Threat Labs have seen 70% of phishing attacks leading to account takeovers. The most popular types of credential stealing pages are replicas are global brands like Google, Microsoft, and Dropbox. Some even have functional password reset options or security questions to enhanced the trust factor. These attacks are effective because the user usually can’t differentiate between the fake and legitimate page which makes training an ineffective way to reduce the  risk.

SMishing

SMishing is phishing that is delivered through SMS text and the threats types can be credential stealing, rogue software, apps and extensions. These attacks are customized specifically for mobile delivery and designed to only work for Mobile iOS or Android. What makes them particularly dangerous is the attack vector is not email but ads and SMS, where most phishing protection is not as effective.

Rogue Apps and Extensions

These attacks fundamentally try to exploit the users trust with the end goal wittingly (or unwittingly) installing malicious apps or extensions on to their system with the promise of interesting or useful functionality. The typical types of apps and extensions include downloading fake system cleaners, anti-virus tools, videos players or browser extensions. Common malicious characteristics include:

  1. Snooping on browser sessions to sniff user’s credentials 
  2. Actively parsing web page content (Man in the Browser)
  3. Launching phishing pages within the browser

Spear Phishing

Spear phishing attacks are more focused than typical email phishing. Bad actors customize attacks and often use social media to gather information to trick users into believing there is a legitimate connection with the sender by providing familiar clues that entice the user to believe the communication is safe. Spear phishing attacks can be launched from legitimate hosting infrastructures like Box, Google Drive, or Dropbox.

Angler Phishing

Angler phishing is focused on delivering attacks on social media and often focused on spoofing major brands with site look-alike accounts. Masquerading as customer support, bad actors will lure their target to a fake log-in page to steal credentials or money.

Attacks by the Numbers

Phishing is the number one cause of corporate breaches. See how these phishing attacks are trending. 

High Attack Surface Outside of Email

High Attack Surface Outside of Email

Source: SlashNext Threat Labs

Schedule Your Phishing Risk Assessment

Get a preview of the industry leading phishing solution

Most phishing protection can’t stop 75% of the new, more sophisticated phishing attacks entering your organization. Take our popular risk assessment and discover why 98% of the people who try SlashNext AI Phishing Defense move to our approach. 

Close Menu