• Phishing Scams in which hackers pose as trusted figures to trick people into handing over passwords are getting increasingly sophisticated.
  • Security experts describe in arms race between services that weed out scammers and attackers developing new tricks and turnaround
  • Phishing is on the rise, costing over $57 million from more than 114,000 victims in the US last year, according to the FBI recent report

Hackers don’t break in, they log in.
That mantra, often repeated by security experts, represents a rule of thumb: The vast majority by breaches are the result of stolen passwords, not high-tech hacking tools.

These break-ins are on the rise. Phishing scams – in which attackers post as trustworthy party to trick people into handing over personal details or account information – were the most common type of internet crime last year, according to a recent FBI report. People lost more that $57.8 million in 2019 as the result of phishing, according to the report, with over 114,000 victims targeted in the US.

And as phishing becomes more profitable, hackers are becoming increasingly sophisticated in the methods they use to steal passwords, according to Tanmay Ganacharya, a principal director in Microsoft’s Security Research team.

“Most of the attackers have now moved to phishing because it’s easy. If I can convince you to give me your credentials, it’s done. There’s nothing more that I need, “Ganacharya told Business Insider.

Ganacharya monitors phishing tactics in order to build machine-learning systems that root out scams for people using Microsoft services, including Windows, Outlook, and Azure, Microsoft’s cloud computing service. This week, Microsoft announced that it will begin selling its threat-protection services for platforms including Linux, iOS, and Android