Phishing is a type of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware. Phishing attacks have become increasingly sophisticated since the 1990s when black hat hackers used AOL to steal sensitive information and commit online crimes. Phishing techniques include Spear Phishing, Whaling and CEO fraud, Voice Phishing, SMS Phishing, Calendar Phishing and much more.
So, what changed? Phishing has changed dramatically and remains a constant threat to the world. Threat actors advanced their “Tools, Tactics and Techniques (TTPs)” to infiltrate companies and steal from victims worldwide and it keeps getting worse every year. A Digital Guardian report, “Securing Business Emails Against Phishing”, found that 90% of corporate security breaches are the result of phishing attacks. It’s information that keeps cybersecurity professionals worried and looking to different technical methods to protect the organization. It also keeps C-Suite executives digging into their pockets for the next “shiny” anti-phishing tool when most of the tools used by threat actors for phishing are either free or open source if you know where to look.
As of 2023, cybersecurity professionals and security researchers are seeing new methods and attacks used to compromise email accounts. One such method that is successful is known as “Adversary in the Middle” (AiTM), also known as “Man in the Middle”. “Adversary in the Middle” is done by deploying a reverse proxy server that replays the requests from the user to the phishing website. When the....