GlobalSign Blog

27 Dec 2018

The Worst Phishing Attacks of 2018

As we slowly wrap up 2018 and prepare the canvass for 2019, we tend to reminisce on the year that we had. It’s also best to look back at our mistakes and learn from them. This same principle goes well with cybersecurity. Looking back, 2018 was a busy year for online security experts. So in the spirit of self-improvement, let’s check out the five worst phishing attacks of 2018 and see where companies can tweak their online security game.

Phishing Emails Disguised as GDPR Emails

Remember back in May when everyone started receiving privacy policy emails from various brands? It’s related to EU’s landmark regulation General Data Protection Regulation (GDPR) that required companies to update how they handle their clients’ personal data. Scammers took this opportunity of email influx to make their very own fake ones. One sample was discovered by security firm Redscan when hackers sent emails to potential victims pretending to be Airbnb updating their privacy policy.

Free World Cup Tickets Phishing Scam

The collective passion of all soccer fans urged hackers into making a quick buck. Phishing emails promising free World Cup tickets started circulating in June. The phishing scam got viral real fast that the Federal Trade Commission had to send an advisory to the public. "The offer may seem promising, but the truth is, scammers are simply phishing for your personal information. Never open files or click on links sent by strangers. And never pay a fee to claim a prize," the FTC wrote in their statement.

Cloud-Based Fake Document Phishing

Cloud technology definitely had a great year in 2018. Various apps and services started harnessing the power of the cloud and unfortunately, so did hackers. For example, various hackers tried luring victims with fake documents stored in Google Drive, Dropbox, and other cloud-sharing platforms. Instead of the intended file, the documents contain various hacking agents ranging from keylogger to malware scripts. Never ever click on these cloud documents especially if it came from an unknown source.

Fake News Phishing Scams on Social Media

This list won’t be complete without mentioning the rise of phishing attacks in all social media platforms. Aside from connecting people online, social media also made phishing a lot easier. Hackers often use fake news and alarming headlines on Facebook, Twitter, Snapchat, and other platforms to entice victims into clicking malicious links. And unlike emails, it’s harder to quickly verify on social media if the person you’re talking to is actually a real person and not a hacker’s creation.

Sextortion Email Phishing Scam

Now this one’s just awful. Using the various data breaches that happened in 2018, hackers lure victims into giving their credentials by claiming they have footage of the victims doing something illegal or embarrassing, like watching adult content. Some hackers even use the victims’ redacted phone numbers to make their emails more legit. They then try and blackmail their victims into sending them money. Unfortunately, the hackers made over $500,000 using this dirty trick alone.

As terrible as this list is, it only proves that companies should definitely do more in protecting their assets and their customers from phishing attacks. Luckily, getting better cybersecurity isn’t that hard to do. GlobalSign can help improve your company’s online security efforts. Check out our official website for more details.

Share this Post

Connect with us

fb_icontw_iconin_icon