Phishing attacks are among the most widespread and effective tactics used by cybercriminals against businesses. These schemes aim to deceive employees into disclosing sensitive information, such as login credentials or financial data, by posing as legitimate sources. While phishing attacks come in various forms, they often target corporate email systems because of the wealth of valuable information those systems hold. To help businesses bolster their defences against potential breaches, Kaspersky is unveiling the anatomy of a phishing attack.
According to Mimecast’s ‘The State of Email Security 2023’ report, 83% of CISOs surveyed see email as the primary source of cyberattacks. The recent case of Pepco Group demonstrated the severe consequences that phishing attacks can inflict on a business. At the end of February, the retail company reported that its Hungarian subsidiary had fallen victim to a sophisticated phishing attack. As a result of this strike, Pepco Group lost approximately €15.5 million in cash. This incident highlights the expanding threat posed by cybercriminals, emphasising the critical need for organisations to strengthen their cybersecurity defenses.
In 2023 Kaspersky's anti-phishing system thwarted over 709 million attempts to access phishing and scam websites, marking a 40% increase compared to the previous year's figures.
Figure: examples of phishing emails in Swahili purporting to come from an 'IT Help Desk' and an 'Outlook Support Team', each with a link for 'password renewal' or 'account activation' that led to a phishing website collecting the submitted data.
In response to this pressing issue, Kaspersky experts break down how phishing attacks are conducted.
1. Cybercriminals’ motivation
Phishing attacks stem from cybercriminals motivated by various factors. Primarily, they seek financial gain by unlawfully acquiring sensitive information such as credit card details or login credentials, which can be sold or used for fraudulent transactions. Others are driven by political or ideological agendas, or by espionage. Whatever the motivation, these attacks pose severe risks to businesses.
2. The initial approach
Phishing attacks typically begin with cybercriminals crafting fraudulent emails designed to lure recipients into taking action. These emails often mimic legitimate communications from trusted sources, such as colleagues, business partners or reputable organisations. To enhance credibility, attackers may spoof sender addresses or replicate corporate branding; a display name or From address can be forged freely where the receiving mail system does not enforce SPF, DKIM and DMARC, so a familiar-looking sender is no proof of origin. The emergence of AI-powered phishing, which uses sophisticated algorithms to produce highly convincing and personalised emails at scale, makes such messages harder still to detect and combat.
3. Deceptive content and techniques
Central to the success of phishing attacks is the exploitation of human vulnerabilities. Cybercriminals leverage psychological manipulation techniques, compelling victims to act impulsively without thoroughly evaluating the email's legitimacy.
Phishing emails employ various strategies to deceive recipients and elicit desired responses. Common techniques include:
- False pretenses: Emails may claim urgency or importance, urging recipients to act quickly to avoid purported consequences or to seize perceived opportunities.
- Social engineering: Attackers personalise emails and tailor messages that resonate with recipients' interests, roles, or concerns, increasing the likelihood of drawing in the victim.
- Malicious links and attachments: Phishing emails often contain links to fraudulent websites or malicious attachments designed to harvest credentials, install malware, or initiate unauthorised transactions.
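The indicators listed above (an impersonated internal role on a foreign sender domain, a Reply-To that diverts replies elsewhere, urgency language, a link whose visible text does not match its destination, and a risky attachment) can be checked mechanically during mail triage. The script below is an added example written for this page, not Kaspersky's code or a product feature. The trusted domain `example.com`, the role and urgency keyword lists, and the two sample messages are constructed assumptions; the sample phishing message mirrors the 'IT Help Desk' password-renewal lure shown in the figure.

```python
"""Triage a raw RFC 822 email for the phishing indicators discussed above.

Added example, not code from the original article. TRUSTED_DOMAIN, the
keyword lists and the sample messages are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example.com"  # assumed: the organisation's own mail domain
IMPERSONATED_ROLES = ("help desk", "helpdesk", "support", "it department", "administrator")
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "expire", "verify")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".html", ".htm")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(header_value: str) -> str:
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def triage(raw: str) -> list[str]:
    """Return human-readable indicators found in the message; [] means nothing flagged."""
    msg = message_from_string(raw)
    findings: list[str] = []

    # 1. Sender spoofing: an internal-sounding display name on an external domain.
    display_name = parseaddr(msg.get("From", ""))[0]
    from_domain = _domain(msg.get("From", ""))
    if from_domain != TRUSTED_DOMAIN and any(r in display_name.lower() for r in IMPERSONATED_ROLES):
        findings.append(f"display name '{display_name}' claims an internal role but sender domain is {from_domain}")

    # 2. Reply-To diverting the conversation to a different domain than the sender.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    text = msg.get("Subject", "")
    for part in msg.walk():
        # 3. Attachments with extensions commonly used to deliver malware or credential forms.
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {filename} has a risky extension")
            continue
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        text += "\n" + body
        if part.get_content_type() != "text/html":
            continue
        # 4. Links whose visible text names one host while the href points to another.
        collector = _LinkCollector()
        collector.feed(body)
        for href, visible in collector.links:
            href_host, visible_host = _host(href), _host(visible)
            if visible_host and visible_host != href_host:
                findings.append(f"link text shows {visible_host} but points to {href_host}")
            elif href_host and href_host != TRUSTED_DOMAIN and not href_host.endswith("." + TRUSTED_DOMAIN):
                findings.append(f"link points to external host {href_host}")

    # 5. Urgency language in the subject or body.
    hits = [w for w in URGENCY_WORDS if w in text.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real captures).
SAMPLE_PHISH = """\
From: IT Help Desk <helpdesk@example-support.net>
Reply-To: recovery@mailbox-reset.xyz
To: jane.doe@example.com
Subject: Password renewal required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password will expire within 24 hours. Renew it immediately:</p>
<a href="http://example-com-login.xyz/renew">https://mail.example.com/renew</a>
--b1
Content-Type: application/octet-stream; name="renewal_form.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="renewal_form.html"

PGh0bWw+
--b1--
"""

SAMPLE_CLEAN = """\
From: Jane Doe <jane.doe@example.com>
To: john.roe@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(label, triage(sample))
```

Each finding on its own is weak evidence (a legitimate vendor may use an external Reply-To, and "verify" appears in ordinary mail), so a real pipeline would score or combine them and pair them with SPF/DKIM/DMARC authentication results rather than act on any single string match.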