- Phishing -e -emails with malicious URLs are used four times more than those with attachments, allegations of proofpoint -studies
- Clickfix attacks also rose 400% years to years
- A layered approach to security is the best way to defend
Phishing fraud and malicious URLs continue to be a trajectory in business, increase year to year and become more dangerous at that moment, new research has warned.
A new paper from proofpoint, based on data from the company’s threat information platform, claims phishing -e emails with URLs rather than attachments, is increasing in popularity; This clickfix is currently the first method of fooling victims to be infected; And that most criminals are interested in stealing login credentials.
Phishing -e emails have always been the first initial attack vector for their simplicity, low cost and omni spread. However, providing malware via attachments is not as straightforward anymore, with different E -mail security solutions that will be quite good at scanning and filtering malicious content.
Clickfix, QR codes and SMS messages
The cyber criminal community responded by turning to URLs – these days they are used four times more than attachments. This is because they are easier to hide and more likely to avoid detection, proofpoint claims. MISCREANTS would integrate them into messages, buttons, even within benign attachments, such as PDFS or Word documents.
In many cases, the URLs lead to sites with a clickfix popup. Clickfix is a phishing technique where the victims show a false error and cause the means to “solve” the problem right away. These attacks also increased by almost four times over years.
Proofpoint also said that most threat players are interested in stealing login when it discovered 3.7 billion URL-based attacks aimed at stealing such secrets. This is most due to the fact that infoStealing malware, such as Cogui or Darcula, is phishing sets with low skill that can be easily achieved and implemented.
Other notable methods include QR code phishing threats (Quishing) and SMS phishing (smishing), with the latter spiking 2,534% year to year.
“The most harmful cyber threats today are not targeted at machines or systems. They are targeted at humans. In addition, URL-based phishing threats are no longer limited to the inbox, they can be performed anywhere and are often extremely difficult for people to identify,” said Selena Larson, senior threat information analyst at Proofpoint.
“From QR codes in emails and false captcha pages to mobile-first Smishing scams, attackers are weapons on trusted platforms and well-known experiences to exploit human psychology. Defending against these threats requires multi-layer, AI-driven detection and a human-centered security strategy.”
How to defend against phishing
The best defense against phishing -e emails with malicious URLs is layered protection.
Businesses can start with an E -mail security gateway that blocks suspicious links even before they can reach the inbox. Then, with browser insulation or link writing, systems can “detonate” (trigger, basically), URLs in a safe environment.
Finally, every company must train their employees how to find phishing emails, how to hover over links to double control, where they lead to how to verify senders and avoid clicking on unexpected messages. Finally, enforcement of multifactor approval (MFA) is always recommended, just as it is to keep the endpoint protection updated to catch malware if any clicks.
Finally, companies should implement strict access control and monitoring, so even if a link slides through, the damage remains.
