Phishing is a major problem and Microsoft has been recently shining a light on how common it is. For example, in the company's yearly report covering malware and cyber-security trends Microsoft showed Phishing attacks increased over the last two years.
In that report, Redmond showed phishing attempts increased 0.2% in Jan. 2018 and then 0.6% by October 2019. Indeed, Phishing was one of the only attack vectors that grew recently. Other attacks such as infections, malware, crypto-mining, and ransomware decreased.
While software vendors are improving their solutions against Phishing, Microsoft says attackers are refining their techniques.
“Phishers have been quietly retaliating, evolving their techniques to try and evade these protections. In 2019, we saw phishing attacks reach new levels of creativity and sophistication. Notably, these techniques involve the abuse of legitimate cloud services like those offered by Microsoft, Google, Amazon, and others.”
This week, Microsoft continued to discuss phishing attacks in a blog post. The company detailed three specific phishing attacks seen during 2019.
Looking at one attack, it was multi-layered and involved bad actors targeting Google results. Attackers hijacked legitimate traffic from websites to filter them into websites they controlled becoming the top of Google search results.
Elsewhere, the phishing campaign included sending emails to victims and directing them to Google search. It a search link was click and the user selected the top ranked site, they would end on a website under the control of the attackers.
“When accessed by users in Europe, the phishing URL led to the redirector website c77684gq[.]beget[.]tech, and eventually to the phishing page. Outside Europe, the same URL returned no search results,” the company said.