Cybercriminals are employing the most sophisticated techniques, including brand impersonation, social engineering and phishing, to lure in victims and take over their email accounts, according to a study by researchers from Barracuda and UC Berkeley.

Attacks happen in phases and this report does a good job following them. Account takeover attacks start with the theft of the credentials, either through a system breach, malware, or phishing. There are three broad phases for an attack: gathering the data, testing the data, and monetizing the data. No single fraudster is skilled at all three phases, forcing them to collaborate and leverage each other’s resources. Phishing emails trick victims into clicking on links or on documents that appear legitimate, only to automatically download keyloggers or other malware tools used to harvest credentials.

Because of the different stages of fraud, we often see time gaps between one step and the next, such as between a successful login into one account and the time when there was malicious activity in the account. Similarly, bad actors use software to attack multiple accounts within seconds, originating these attacks from the cloud or hijacked home computers to blend their traffic into the general internet flow. Technologies that have visibility into these suspicious activities within an account, such as behavioral and device intelligence technologies, can mitigate the attacks before they create any damage for the account owner or the company.
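The two signals described above, many accounts tried from one source within seconds and a delay between a successful login and later activity in the account, can be checked over authentication logs. The sketch below is an added example, not taken from the report; the log layout, event names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, account, event type).
# IPs are from documentation ranges; event names are hypothetical.
EVENTS = [
    ("2024-05-01T09:00:01", "203.0.113.7", "alice", "login_fail"),
    ("2024-05-01T09:00:02", "203.0.113.7", "bob", "login_ok"),
    ("2024-05-01T09:00:03", "203.0.113.7", "carol", "login_fail"),
    ("2024-05-01T09:00:04", "203.0.113.7", "dave", "login_fail"),
    ("2024-05-01T09:15:00", "198.51.100.20", "erin", "login_ok"),
    ("2024-05-01T09:16:30", "198.51.100.20", "erin", "mail_sent"),
    ("2024-05-04T14:30:02", "192.0.2.55", "bob", "forwarding_rule_added"),
]
SENSITIVE = {"forwarding_rule_added"}


def parse(events):
    return sorted((datetime.fromisoformat(ts), ip, acct, ev) for ts, ip, acct, ev in events)


def burst_sources(events, window=timedelta(seconds=10), min_accounts=3):
    """Sources that try logins on >= min_accounts distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, acct, ev in parse(events):
        if ev.startswith("login_"):
            by_ip[ip].append((ts, acct))
    flagged = set()
    for ip, attempts in by_ip.items():
        for i, (start, _) in enumerate(attempts):
            accounts = {a for t, a in attempts[i:] if t - start <= window}
            if len(accounts) >= min_accounts:
                flagged.add(ip)
                break
    return flagged


def dwell_gaps(events):
    """Per account: delay between a successful login from a burst source and
    the first later sensitive action, which may come from a different IP."""
    bursts = burst_sources(events)
    compromised, gaps = {}, {}
    for ts, ip, acct, ev in parse(events):
        if ev == "login_ok" and ip in bursts:
            compromised.setdefault(acct, ts)
        elif ev in SENSITIVE and acct in compromised and acct not in gaps:
            gaps[acct] = ts - compromised[acct]
    return gaps
```

On the sample data, the single burst source is flagged and the account it logged into shows a gap of more than three days before the forwarding rule appears, which is why correlation has to span days rather than a single session.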