Cybersecurity expert demonstrates ease of phishing attacks
A cybersecurity expert has revealed just how simple it is to execute a phishing attack, comparing it to the ease of assembling flat-pack furniture.
In a new video produced by NordPass, the expert walks through the process, from purchasing leaked emails on the dark web to creating a fake website and stealing credentials.
The demonstration highlights the alarming accessibility of phishing, a method criminals frequently use to steal personal or corporate data, often leading to costly data breaches. Recent figures indicate that the average cost of a data breach in 2024 reached $4.88 million, with some breaches taking nearly 300 days to resolve.
“The median time users fall for phishing emails is less than 60 seconds,” says Adrianus Warmenhoven, a cybersecurity expert at Nord Security. “Nevertheless, preparing and performing a phishing attack does not take much time. Actually, phishing is easier than assembling flat-pack furniture.”
The video illustrates how readily available tools and resources have made phishing attacks more prevalent and effective. Warmenhoven explains that criminals leverage AI to create convincing emails that appear to originate from trusted sources. Furthermore, cloning entire websites for deceptive purposes can be accomplished with just a few clicks, requiring no advanced coding skills.
Warmenhoven emphasizes the importance of awareness training to help individuals recognize suspicious emails, links, and attachments. He also recommends several practical steps to bolster protection against phishing:
- Monitor for compromised data: Regularly check accounts and services for signs of data exposure using tools like Dark Web Scanners and enable breach alerts.
- Utilize password managers: Configure password managers to require URL matching before autofilling credentials, preventing accidental input on fake websites.
- Create strong, unique passwords: Avoid reusing passwords across different accounts and use a password generator to create complex passwords.
- Enable multi-factor authentication (MFA): Add an extra layer of security to login processes wherever possible.
The expert’s demonstration serves as a stark reminder of the constant threat posed by phishing and the need for individuals and organizations to take proactive steps to protect themselves. With phishing attacks becoming increasingly sophisticated, a combination of awareness, strong security practices, and the use of security tools is crucial for mitigating the risk of falling victim to these scams.
