Our Blog

One approach, introduced in mid-2006, is to switch to a dedicated DNS service that filters out known phishing domains: this works with any browser,[161] and is similar in principle to using a hosts file to block web ads. However, Section 77B of the Information Technology Act makes all phishing fraud laws available on bail (2008 amendments). In spear phishing, an attacker directly targets a specific organization or individual with personalized phishing communications. [14] Essentially, it involves creating and sending emails to a specific person to make them believe that the email is legitimate. Unlike mass phishing, spear phishing attackers often collect and use personal information about their target to increase their chances of success of the attack. [15] [16] [17] [18] Spear phishing typically targets executives or those working in financial services who have access to sensitive company financial data and services. A 2019 study showed that accounting firms are often the target of spear phishing because of their employees` access to information that could be valuable to criminals. [19] Today, phishing schemes have become more diverse and potentially dangerous than they used to be. With the integration of social media and login methods such as “Login with Facebook”, an attacker could potentially commit multiple data breaches against a person who uses a phishing password, making them vulnerable to ransomware attacks. Meanwhile, more modern technologies are also being used.

For example, the CEO of an energy company in the UK thought he was talking to his boss on the phone. They were told to send money to a specific provider, when in reality it was a phishing scheme that used AI to mimic the voice of their parent company`s CEO. It is not clear whether the attackers used bots to answer the victim`s questions. If the phisher were to use a bot to automate the attack, it would be harder for law enforcement to investigate. Special spam filters can reduce the number of phishing emails that reach recipients` inboxes. An August 2014 Forbes article argues that the reason phishing problems persist even after a decade of selling anti-phishing technologies is that phishing is “a technological way to exploit human weaknesses” and that technology cannot fully compensate for human weaknesses. [183] There are anti-phishing websites that publish exact messages that have recently begun circulating on the Internet, such as FraudWatch International and Millersmiles. These websites often provide specific details about particular news. [133] [134] PayPal is aware of these threats and has published informational materials that its customers can refer to in order to prepare for phishing attacks. They recommend anyone who receives a suspicious email from an account claiming to be PayPal not to click on the links, but instead uses the hover technique described above to see if the link address matches the actual domain PayPal. PayPal also recommended logging into their account separately to make sure everything goes as it should.