The Development of Phishing

As technology has developed over the years we’ve seen advances in various avenues, including our devices, websites, and even applications. We’ve seen the rise of social media sites such as Facebook and Twitter, and even the explosion of entertainment sites such as Netflix and YouTube.

But what if all of these sites provided cybercriminals with more opportunities to launch a cyber attack on your device? Ever since the dawn of the internet age, phishing has been a common problem in our society. Many people overlook the issue because they feel like it doesn’t pose a big threat to them, or they believe that it won’t ever happen to them.

The reality though is that phishing is dangerous, and it always has been. But it’s become even more dangerous in recent years due to how it has developed. Cybercriminals have become more cunning than ever before, and if you don’t know what to look out for, you could fall victim to their traps.

What is Phishing?

Before we dive into how phishing has developed to become incredibly difficult to spot we first need to fully understand what phishing is and how it works. This will help you to better understand how it has grown since it came about, and how you can spot phishing attempts.

In its most basic form, phishing is mostly used when it comes to emails. This is how phishing was first used, and it’s also one of the most common ways that phishing scams are used today as well. Phishing scams are when a cybercriminal sends fraudulent emails to their victim. The email will urge the victim to interact with a link or attachment — and once they do, the hacker has the upper hand. One of two things can happen when the victim interacts with these two elements.

Firstly, interacting with the attachment could prompt malicious software to be installed on the victim’s device. Malicious software, also known as malware for short, is a common type of cyberattack used in our modern world. Malware can range from viruses to spyware, and even ransomware. There are many other forms of malware, but these are the most common types that you need to be wary of.

Interacting with a link in the email could also prompt malware to be installed on your device, but many times it can take you to a website that has been set up by the cybercriminal. Fake websites can be rigged with a keylogger, which is software that will copy everything that is typed into the website and give it straight to the cybercriminal. So, whether you’re typing in login credentials, personal information, or even baking details, the hacker will be able to steal them instantly without your knowledge.

In essence, phishing involves manipulating and deceiving victims into clicking on fraudulent links or giving up crucial details. Now that we have a good understanding of how phishing works, let’s take a look at how it has developed and how hackers are using the advancements of technology to take advantage of innocent internet users.

How Social Engineering Changed Phishing

Phishing may have been around for decades, but eventually, people began to catch onto the tactics used by cybercriminals. Hackers have had to adapt their strategies and develop new tactics to ensure that their phishing scams will keep on working as intended.

Cybercriminals have started using social engineering to trick victims into falling for their phishing scams. Social engineering is when hackers use deception and manipulation by pretending that the email is from a person or company that the victim knows and trusts — thus making it more likely that they will interact with the link or attachment in the email.

One example of a modern phishing scam that uses social engineering is where hackers pretend to be Netflix contacting their customers. Netflix is a popular streaming platform with millions of subscribers worldwide, so it’s a good way to lure in potential victims. Hackers will send an email to the victim stating that they need to update their billing information or risk having their account suspended. The victim will believe that the email is legitimate because the hackers will replicate the Netflix logo and color scheme, making the email seem real.

Clicking on the link in the email will take the victim to a billing page that replicates the one on the Netflix website. Since they look identical, the victim won’t suspect anything, and they will type in their details. The website will be rigged with a keylogger — this allows the hackers to steal the victim’s information that they have typed into the website.

Netflix is just one example of how cybercriminals can use social engineering to take advantage of their victims. Hackers can use local businesses, or even more sensitive businesses such as your bank to trigger a more emotional response from the victim — making them more likely to fall for the trap that has been set.

Moreover, phishing scams have now spilled over onto social media sites too. It’s arguably easier for cybercriminals to set up phishing scams because the majority of social media users have all of their interests and hobbies on display for the world to see. For example, if you’re a football fan, a cybercriminal could set up a giveaway where you can win tickets to the next big match simply by entering your personal information or creating an account. If you don’t use strong and unique passwords, this will give the cybercriminal access to all of your accounts. 

How to Stay Safe 

Staying safe from phishing scams is becoming more and more difficult. It all comes down to being careful what you click on and where you type in your information. Luckily there are a few tell-tale signs you can look out for.

Always make sure to check the sender’s email address, even if the email looks legitimate. Email addresses can’t be faked, and if it’s anything other than an official company email it’s a scam. You should also keep an eye out for any spelling or grammatical errors, as these can give away a hacker’s disguise. Another red flag is if the email starts with a generic greeting rather than your name. If you’re subscribed to a service such as Netflix, your name will be in their database, and they will use it in any emails sent to you.

The Development of Phishing was last updated June 23rd, 2022 by Matt Outreach