www.akamai.com
2a02:26f0:1700:38e::b63  Public Scan

Submitted URL: https://akamai.voicestorm.com/Article/Redirect/40bfd72a-825f-485a-878e-bd660ca60e84?uc=32642&g=73657a96-571d-40fc-9ed1-a910026...
Effective URL: https://www.akamai.com/blog/security/phishing-oldest-wisest-attack-vector?utm_campaign=F-MC-59103&utm_source=Twitter&ut...
Submission: On May 24 via api from US — Scanned from DE

Text Content

PHISHING: THE OLDEST AND WISEST ATTACK VECTOR

Written by

Jim Black and Or Katz

April 19, 2023

Written by

Jim Black

Jim Black is a Senior Product Marketing Manager in Akamai's Enterprise Security
Group. He has spent his entire career in technology, with roles in
manufacturing, customer support, business development, product management,
public relations, and marketing. 

Written by

Or Katz

Or Katz is a security researcher driven by data, constantly focused on
developing innovative security products and transforming security challenges
into scientific solutions. His passion lies in analyzing the threat landscape
from both macro and micro perspectives, paying close attention to details and
the big picture alike, to understand what makes threats tick and uncover the
stories behind them. As a respected thought leader in the security industry, he
frequently speaks at conferences and has published numerous articles, blogs, and
white papers on a range of topics, including web application security, threat
intelligence, internet scams, and defensive techniques.

WHAT IS PHISHING?

Phishing is an evergreen security problem that’s been around since the earliest
days of our connected world. Back then, people were unaware of the concept of
phishing and, despite the terrible spelling and grammar in the emails, people
still responded to fictitious African kings who promised them great riches. 

However, phishing has changed dramatically over the years and is now delivered
on an industrial scale. Today’s phishing techniques have made it significantly
harder for users to determine if that email from their favorite brand is
genuine or fake.

Despite the changes we have seen in phishing attacks over the years, the key
motivation for the cybercriminals remains the same: to trick people into
disclosing confidential information, such as login credentials for their online
accounts. Once the criminals have that information, they either resell the
account logins on the dark web, or use the credentials themselves to access the
accounts.


HOW HAVE PHISHING ATTACKS CHANGED?

The most significant change in phishing attacks is that the criminals now
leverage off-the-shelf phishing toolkits that allow them to quickly build and
deliver very sophisticated phishing campaigns at scale. The phishing kits can be
bought for as little as a few hundred dollars, and they allow the attackers to
create a full phishing campaign, including emails and customer login pages that
look identical to the targeted brand’s login page. 


PHISHING KITS: AS-A-SERVICE TOOLS AND PRODUCTS

In addition, the suppliers of the kit will often offer a full
phishing-as-a-service product, which means the criminals don’t even have to
worry about sending out the emails.

The availability of low-cost phishing kits and phishing-as-a-service tools
allows criminals to release new campaigns very quickly. According to Akamai data
on phishing campaigns that used more than 300 different phishing toolkits, 2% of
the tracked kits were reused on at least 54 distinct days during the 90-day
period of Q4 2022. Furthermore, 55% of the kits were reused for at least four
days, and among all the tracked kits, 100% were reused for no fewer than two
distinct days over the same period.

The frequency and volume of these phishing attacks make it exceptionally
difficult for brands’ security teams to deal with this problem. No sooner has
one phishing attack targeting a brand’s customers been thwarted than another is
already underway. The same Q4 2022 data revealed that some brands had seen more
than 300 domains that were created with the same phishing kits that mimicked
their brand.


PHISHING IS NO LONGER JUST EMAIL

Another big change is that phishing no longer includes just email. Attackers now
use multiple channels — email, SMS, messaging, and social media — to deliver and
amplify phishing campaigns. Akamai frequently observes attacks that promise
rewards for completing a simple quiz; for example, a free backpack for answering
three simple questions.

In late 2022, Akamai security researchers uncovered a new phishing kit that was
being used to mimic several large retail brands ahead of the holiday season. 
The kit used a combination of social engineering, multiple evasion techniques,
and access control to bypass security measures. 

One of the evasion techniques, utilizing URI fragmentation, is novel. The
email through which the scam is delivered contains a token that is later used to
reconstruct a URI link to which the victim will be redirected. Any attempt to
reach the phishing landing page without obtaining and using that token is
blocked.

These campaigns are usually accompanied by numerous fake testimonials from
previous “winners” that are used to gain the victims’ trust and to inject a
sense of urgency.  A new approach to this technique is the creation of fake user
forums in which previous winners discuss their prize. 

The attackers target highly popular brands because that increases the odds of
their campaigns reaching the most customers. It's simply a numbers game: If the
attackers send out, say, 500,000 emails, then it's highly likely a decent
percentage of the recipients are existing customers of the brand. Once the
attackers have garnered the targeted brand’s customers’ details, they can then
use that list to launch more targeted campaigns.



ATTACKERS ARE PRIMARILY TARGETING CONSUMERS

One final insight from the Q4 2022 data is that 93% of phishing attacks are
targeted at consumers, which shows that the attackers perceive the barriers to
success to be significantly lower than when targeting businesses.

The combination of the industrial scale of the sophisticated phishing attacks
against consumers and the high frequency of these campaigns presents a
significant problem for brands that are being targeted. A customer who falls for
one of these attacks, and has their account compromised, is very likely to
develop a negative perception of the brand and may take their business
elsewhere.  



AKAMAI’S EFFORTS TO PROTECT YOUR CUSTOMERS

So, what else can brands do to further proactively protect their customers
against these attacks?

In our next blog post, we’ll share more of our security research findings on
phishing attacks and give best practice guidance on how to protect your
organization’s customers against these types of attacks.


LEARN MORE

If you are headed to the RSA Conference 2023, stop by the Akamai booth to see
demos and hear technical talks about our latest security tools. If you won’t be
there in person, follow us on LinkedIn for announcements and video clips.
