The latest phishing trends

The latest phishing trends

Tuesday, 30 April, 2019

The link between fraudulent email spamming and the sedentary pastime of fishing initially seems tenuous.

However, phishing is actually a fitting name for unsolicited messages claiming to be from a reputable company.

Like its phonetic namesake, phishing involves baiting a hook and then hoping someone – anyone – bites.

And unfortunately, the odds are always in the spammers favour, because they distribute vast quantities of messages on a daily basis.

Last December, over one million messages containing the Emotet Trojan were distributed in a single day – and that’s just one of innumerable scams circulating round cyberspace.

Accurate statistics are hard to find, since ISPs tend to block messages automatically. Plus, many victims will be too embarrassed to inform the authorities and end up in crime figures.

In 2017 alone, Kaspersky Lab’s anti-phishing system was triggered almost 250 million times – and they’re only one of many anti-malware brands battling this global scourge.

Worst of all, there’s compelling evidence that phishing levels are rapidly increasing – meaning we’re more at risk than ever before.

Something phishy going on

Given this worrying situation, it’s vitally important to be aware of the latest phishing trends:

  • Attacks are increasingly targeting Software as a Service providers. Dropbox has replaced PayPal as the scammers’ platform of choice, while Netflix is regularly impersonated as well.

    The five most common themes for phishing emails relate to package deliveries, billing and invoicing, message delivery notifications, document scans or some type of enforcement.

    Unexpected or unusual messages from parcel delivery firms, financial institutions, IT brands and Government agencies (in particular HMRC) should be approached suspiciously.

  • HTTPS sites are being used to increase legitimacy. Phishing trends are constantly evolving in response to growing public awareness, as old tricks cease to be effective.

    Our growing aversion to insecure websites has driven scammers to register secure platforms with HTTPS prefixes, in an attempt to convey authenticity.

    Half of phishing sites now use HTTPS. Beware any sites registered in non-English-speaking countries, particularly ones ending in .cn (China) or .ru (Russia) suffixes.

  • Urgency helps to disarm recipients. Given some time to ruminate and reflect, most of us would eventually conclude that a phishing email was fraudulent.

    Consequently, messages are delivered with High Importance flags and URGENT in the subject bar, encouraging us to act without pausing to consider what’s being asked of us.

    Always re-read them, looking for warning signs like “Dear Customer” instead of “Dear Mr Smith”. Poor grammar is another giveaway, since most scams originate abroad.

  • Messaging sites are becoming popular targets. Phishing originated via email in the absence of other communication channels, but again, consumer tastes are evolving.

    Phishing has spread to Facebook Messenger and WhatsApp (which is also owned by Facebook), while collaborative working tools including Slack and Teams are vulnerable, too.

    It’s easy to end up on an illicit distribution list for these platforms, which lack the spam filters and security measures developed by email hosts and internet service providers.

  • Blackmail is on the rise. A particularly nasty form of phishing involves emails claiming to have compromising material – usually webcam footage of the recipient watching porn.

    Unless a ransom is paid using an untraceable cryptocurrency like Bitcoin, the message claims compromising video footage will be distributed to the victim’s friends and contacts.

    Although an episode of Charlie Brooker’s Black Mirror series featured this scenario, webcam hijackings are extremely rare. Hold your nerve and mark the message as Junk or Spam.

Tips for avoiding the latest phishing trends

If you receive an unsolicited email from a company you’ve recently had dealings with, your spider senses should tingle if there’s any suggested problem regarding your account or order.

Legitimate brands won’t ask you to supply account data in an email, or enter your full credit card password into a hyperlink.

Never click on a hyperlink unless you’re certain it’s genuine – log into your account through a web browser, or phone the company to check if the message is authentic.

Finally, try copying and pasting the email’s subject line into Google, to see whether other people have reported this as part of a wider scam.

Neil Cumins author picture


Neil is an expert tech writer. He's written hundreds of guides on all things broadband!

News What's the story?

Keep up with the latest developments in UK broadband.

UK 5G network goes live – are you up to speed?

Here's everything you need to know about the new mobile broadband network.

UK 5G network goes live – are you up to speed? Read more

TalkTalk offers exclusive £80 reward to new fibre customers

The huge bonus is available to anyone signing up for a 'Faster Fibre' bundle through

Read more

TikTok ‘gifts’ empty kids piggy banks

Children are most vulnerable to 'influencer' donation pleas

Read more

Netflix ruins 90’s cartoon, enrages internet

The streaming giant came in for criticism for 'straightwashing' Japanese cult classic anime.

Read more

Porn-block pushed back by clerical errors

Further delays to the child-protection measure, with the process mocked as an 'utter shambles'.

Read more

How to watch Wimbledon online for free

How to make sure you don't miss out on the action from your favourite sports stars.

How to watch Wimbledon online for free Read more

Fast fines for ISPs could end the “Loyalty Penalty”

But could the proposed measures mean worse deals for those who shop around?

Read more

Boris Johnson mocks full-fibre roll-out plans

The likely next PM boasts plans to beat current targets by 8 years, but is it all just hot air?

Read more

Broadband and phone companies to put Fairness first

Telecoms providers commit to raising standards.

Read more

UK to get legal right to decent and affordable broadband

New legislation will ensure minimum speeds for every UK household.

Read more

GDPR – One year on

The landmark legislation gave people the ‘right to know’ when their data had been hacked.

Read more

Help Learn with us

Make the most of the internet with our broadband library.

How to childproof your home broadband

How to childproof your home broadband Read more

Why Ofcom’s USO is more than pie in the sky

Read more

Protecting your small business against cyber attacks

Read more

Could 5G end fixed-line home broadband?

Read more

How broadband availability varies across the UK

Read more

Which social media platforms should I be on?

Read more

Will you get online on holiday?

Stay connected during your get-away.

Will you get online on holiday? Read more

Make the most of your broadband overnight

Read more

The main causes of slow internet connections

Slow broadband can be more than just an irritant - but what causes it, and what can we do to fight back?

Read more

Do you need to ramp up your broadband controls?

Read more

The different types of home computer

Read more
Back To Top