Phishing is still the leading technique used by cybercriminals, and the availability of LLMs for crafting perfect phishing emails and the abuse of legitimate services for sending emails ensures that cybercriminals get a sufficiently high success rate.
Cybercriminals’ tactics are constantly evolving and they are increasingly able to defeat traditional security measures. One recent report suggests that 70% of phishing emails successfully pass DMARC authentication checks, with more than 50% of phishing emails passing through businesses’ email security defenses.
Not only is phishing the most popular technique, attacks are increasing. To a large extent, the increase in attacks has been driven by the availability of phishing kits. Phishing kits provide cybercriminals with everything they need to perform successful phishing campaigns aside from the email addresses to target, and they can easily be purchased on cybercrime forums. The phishing kits open up phishing to a broad range of individuals, allowing them to conduct campaigns with ease, monitor performance, and automate campaigns and credential theft.
Phishing kits are offered on cybercrime forums and Telegram, with the Darcula phishing-as-a-service platform being one of the most comprehensive tools. When the phishing kit was released last year, it used around 20,000 domains that spoofed well-known brands and has since been used to conduct phishing campaigns in more than 100 countries. Now a new version of the platform is about to be released with even more features to make conducting phishing campaigns even easier.
What is particularly concerning about this platform is its ability to create DIY phishing kits to target any brand. Any user of the kit can simply provide the URL for the brand they want to target and the kit will generate all required templates for the attack, including cloning the legitimate site for the phishing landing page. The kit also includes pre-made templates for capturing passwords, credit card numbers, and for MFA entry prompts.
The latest version also includes a user-friendly dashboard, IP and bot filtering, performance measurement metrics to determine the effectiveness of phishing campaigns, automated credit card theft and digital wallet loading, and the removal of technical skills requirements, making it as easy as possible to conduct extensive phishing campaigns.
With AI tools helping to make phishing campaigns more effective and new phishing kits being developed to remove the need for any technical skills, phishing attacks are likely to continue to increase and businesses need to ensure that they have appropriate defenses in place.
The good news is TitanHQ can help. TitanHQ offers two solutions for protecting corporate email accounts from phishing and malware, the SpamTitan spam filtering service and the PhishTitan anti-phishing solution for Microsoft 365. The engine that powers both of these solutions is regularly tested for effectiveness by Virus Bulletin. In Q3, 2024, TitanHQ ranked joint first for protection, in sole 1st place in Q4, 2024, and in the latest tests in February, achieved perfect scores for phishing detection, malware detection, and spam detection, scoring 100% in all three areas with a 0.00% false positive rate.
The exceptional scores for phishing detection and malware blocking have prompted many MSPs to make the switch to TitanHQ to ensure they can give their clients the very best in protection and increasing numbers of SMBs are choosing TitanHQ as their antispam software and anti-phishing partner.
In addition to these technical solutions, TitanHQ offers a comprehensive security awareness training and phishing simulation platform to help businesses improve their human defenses by eradicating poor security practices and teaching employees how to identify phishing emails.
While it is bad news that phishing attacks continue to increase, with TitanHQ as your security partner, your business will be well protected. Give the TitanHQ team a call today to find out more or take advantage of a free trial of TitanHQ solutions and put them to the test.