It seems you can’t have a complete conversation about network security without mentioning phishing. This is because phishing is still the main driver of all types of attacks throughout the world.
Getting a user to trigger a malware infection or give up their login credentials by typing them into a fake sign-in form is often the easiest (and sometimes only) way a hacker can breach a company network or cloud account.
Phishing continues to get more dangerous for a few reasons:
- Use of automation and AI to enable more attacks in less time
- Continuous optimisation of campaigns by large criminal groups to make them more profitable
- RaaS (Ransomware as a Service) and similar democratisation of attacks
- With optimisation, attack volume is increasing
In May of 2021, phishing attacks surged by 281%, and then rose another 284% in June.
To keep your business properly protected against a devastating cyberattack that’s facilitated by phishing, it’s important to know that new phishing trends are emerging.
The following are the latest attack trends you need to be on the lookout for.
Text Message is the New Email for Phishing
If users have been well trained in phishing detection, then they know to be suspicious of any unexpected emails, especially those using urgency to prompt some type of action.
However, many users aren’t that careful when it comes to text messages. This leaves them open to falling for a “smishing” (phishing via SMS) scam that can be just as impactful to a company network as the email version.
Mobile numbers are easier to get, with some mobile providers even selling their lists to marketing firms. This is coupled with the fact that we are now used to getting text messages from more than just friends and family. We get them for shipping notices, retailer sales, prescription refills, and more. Scammers exploit this familiarity: it is easy to get a user to fall for something like a fake SMS shipment notice.
Unhappy Employees? They Could Be Lured to Hand Over Their Password
Disgruntled employees don’t just hurt company productivity; they can also be a source of risk when it comes to IT security.
A new trend being seen is for phishing attackers to offer employees money for their login to a company cloud account. If an employee is unhappy and doesn’t think they’ll get caught, they may just take the hacker up on their offer and compromise your company data and network.
Business Email Compromise (BEC) Is Giving Bigger Hacker Payouts
Ransomware has been one of the biggest money-makers in the cybercriminal world for several years. Now, another type of attack is also becoming lucrative, meaning the volume is going up.
In a business email compromise, hackers take over a person’s email account and use it to send emails to other company employees or anyone else in that person’s contact list. Because these phishing emails come from a known email address, recipients are much more likely to take action, such as buying gift cards and sending the numbers to the attacker.
Spear Phishing is Increasingly Being Used Against Small Businesses
Small businesses need to watch out for even more sophisticated and targeted attacks. They used to mainly see generic phishing emails, which can often be easier to spot than personalised ones.
But with phishing efficiency improvements, hackers now can spend the time it takes to personalise a targeted attack (called spear phishing) for smaller companies and still make money.
Extortion is a Tactic Growing in Popularity
One additional phishing tactic that has been on the rise is extortion via email, direct message on social media, or SMS.
The attacker will claim to have some damaging information on the person (which in most cases is made up). They may claim that the person’s computer has been infected with the latest virus in the news and that they’ve been able to watch the person through their webcam and track all their movements online.
The person, afraid of any embarrassment, will often pay the attacker so they won’t release the information online, without even questioning whether what the attacker is saying is true.
Specialists Are Being Brought In to Initiate the Breach
Many phishing attacks are run by underground criminal organisations and state-sponsored hacking groups. They run their attacks as a business, and just like other companies, they bring in outside contractors that specialise in a certain area.
A trend that’s being seen is the use of Initial Access Brokers. These are hackers who specialise in that first breach of a company network. Once they get in, they hand over the information to the organisation that employed them.
This makes attacks more dangerous because experts who do nothing but breach company networks are often at the helm for the first part of the attack.
How Strong Are Your Company’s Phishing Safeguards?
Connected Platforms can help your Brisbane area business with a full audit of your current IT security protections and make recommendations for any found areas of risk.