How to protect your business against phishing attacks that exploit major tech brands

Users of Microsoft, PayPal, DHL, and Dropbox are among the top targets of phishers, according to a new report from cloud service provider Akamai.

Why phishing remains a critical cyber-attack vector
Spear phishing emails targeting business users are so well-crafted they should be called “laser” phishing attacks, says Microsoft’s Cybersecurity Field CTO Diana Kelley.

Cybercriminals who employ phishing as their attack method of choice use various tricks and techniques to lure their unsuspecting victims into divulging private information. The strategy is to concoct an email or other communication that exploits a company or brand or product that has some interest or relevance to the recipient. With tech brands such a common thread among people today, cybercriminals are leveraging some of the world’s largest tech companies to trap users, as described in a report released Wednesday by Akamai.

The “Akamai 2019 State of the Internet/Security Phishing: Baiting the Hook” report found that criminals are exploiting certain top global brands and their users through highly organized and sophisticated phishing operations. In particular, Akamai discovered that technology was the top industry targeted by phishers, with users of Microsoft, PayPal, DHL, and Dropbox the biggest targets for phishing attacks.

SEE: Phishing attacks: A guide for IT pros (free PDF) (TechRepublic) 

Cybercriminals use phishing kits to carry out their attacks. Such kits are readily available for sale on the Dark Web and provide anyone with the necessary software and tools to initiate and manage a phishing campaign. These kits are also available in different variants based on the possible targets, evasion methods, and other factors. Many kit developers even operate phishing as a service (PaaS) businesses by offering an admin panel that contains all the necessary functions and services for buyers to launch an attack. Beyond the kits,…