Paul Szoldra/Business Insider
- Phishing scams in which hackers pose as trusted figures to trick people into handing over passwords are getting increasingly sophisticated.
- Security experts describe an arms race between services that weed out scammers and attackers developing new tricks and workarounds.
- Phishing is on the rise, and costing over $57 million from more than 114,000 victims in the US last year, according to a recent FBI report.
- Visit Business Insider's homepage for more stories.
Hackers don't break in, they log in.
That mantra, often repeated by security experts, represents a rule of thumb: The vast majority of breaches are the result of stolen passwords, not high-tech hacking tools.
These break-ins are on the rise. Phishing scams - in which attackers pose as a trustworthy party to trick people into handing over personal details or account information - were the most common type of internet crime last year, according to a recent FBI report. People lost more than $57.8 million in 2019 as the result of phishing, according to the report, with over 114,000 victims targeted in the US.
And as phishing becomes more profitable, hackers are becoming increasingly sophisticated in the methods they use to steal passwords, according to Tanmay Ganacharya, a principal director in Microsoft's Security Research team.
"Most of the attackers have now moved to phishing because it's easy. If I can convince you to give me your credentials, it's done. There's nothing more that I need," Ganacharya told Business Insider.
Ganacharya monitors phishing tactics in order to build machine-learning systems that root out scams for people using Microsoft services, including Windows, Outlook, and Azure, Microsoft's cloud computing service. This week, Microsoft announced that it will begin selling its threat-protection services for platforms including Linux, iOS, and Android.
Ganacharya spoke to Business Insider about the trends in phishing that his team has observed. Many of the tactics aren't new, but he said attackers are constantly finding new ways to work around defenses like Microsoft's threat protection. Here's what he described.