Threat actors are going after the human attack surface with new kinds of phishing and social engineering tactics that are particularly good at taking advantage of the latest remote working trends. While credential stealing remains popular, there are new multi-vector phishing attacks that leverage web, SMS, social, search, and collaboration tools.
Phishing used to consist of easy-to-spot emails attempting to trick users with fake log-in pages or scams, but the phishing landscape has changed dramatically. Threat actors are using new attack vectors to deliver a greater variety of phishing payloads. These phishing attacks use multiple tactics and speed to evade traditional defenses that rely on domain reputation and blacklists. Today’s threat actors are leveraging Phishing 2.0 techniques, while their victims still think phishing protection 1.0 is enough.
Now that bad actors have shifted their tactics, another trend is happening: they’re reinventing the phishing landscape. In the classical phishing paradigm, you would get an email with a link to a fake log-in page. That’s no longer the case. Phishing is now just as prominent in SMS, social media, ads, search engines, browser extensions, and chat apps, and the payloads include rogue browsers, scareware, fake virus alerts, banking fraud, and more (Exhibit 1).
Fake log-in pages are no longer the only game in town. HTML phishing can be delivered straight into browsers and apps, bypassing infrastructure (SEG, NGAV, AEP) and evading URL inspection and domain reputation analysis methods. Employees can’t spot the fakes, and traditional defenses that rely on domain reputation and blacklists are not enough.
The only way to effectively stop this dramatic rise in 2.0 phishing attacks is to move from 1.0 reputation-based phishing defense to 2.0 phishing defense. SlashNext is exclusively focused on 2.0 phishing with AI phishing defense for business. We deliver real-time, multi-layer phishing defense services for users working from anywhere. These services are powered by our AI phishing defense cloud, which performs dynamic, run-time analysis on billions of URLs daily through virtual browsers, machine learning, and NLP. SlashNext delivers zero-hour protection for all forms of phishing across email (including BEC), SMS, social networking, private email, and new collaboration services (Slack, Teams, Zoom, etc.). With the largest phishing database globally (10X the nearest competitor) and the highest detection rate at 99.07%, we can stop phishing 2.0 in its tracks. Take our 30-day phishing challenge with a free trial to start fighting phishing 2.0 with 2.0 AI phishing defense.
*** This is a Security Bloggers Network syndicated blog from SlashNext authored by Lisa O’Reilly. Read the original post at: https://www.slashnext.com/blog/phishing-2-0-is-here-make-sure-youre-prepared/