Warnings of phishing emails and websites

    BugBounter highlights the massive phishing emails and fraudulent websites that are created in a series to capture personal information. According to research, phishing activities still remain among the most commonly used cyber attack methods.

    BugBounter, which quickly, economically and effectively solves the need for companies to find vulnerabilities with a community of hundreds of independent researchers registered on the platform, warns against phishing emails and websites created to capture personal information.

    Phishing attacks continue to increase and become one of the most common threats in the digital world, according to research. According to Verizon Enterprise’s 2020 Data Breach Investigations Report (DIBR), it is the second most common method used in cyberattacks and plays a role in 22 percent of the data breaches the company analyzes. According to data from Google, the number of phishing web pages, which was determined as 149,195 in January 2020, increased by 350 percent after just two months, reaching 522,495. The vast majority of new web pages aim to distract users with COVID-19-themed items in order to infiltrate devices. According to the figures shared by Barracuda Networks, the number of emails using the pandemic to reach users increased 6 times from 137 in January 2020 to 9.116 in March.

    Cyber ​​attackers closely follow the developments in the world in order to reach more people and send their phishing tools to thousands of people. This method, also known as the spray-and-pray, expects one of the thousands of people they send the e-mail to be on the hook. It is possible to avoid being a part of this process with very easy methods. The URL of the forwarded link before clicking, the presence or absence of a generic address, or spelling and logic mistakes in the e-mail can expose cyber attackers.
    Among practical measures that can be taken are to keep in-house awareness high, to test and train employees on this issue, and to identify vulnerable people and subjects by running remote phishing simulations.