Whenever you see a data breach or ransomware attack in the news, phishing is usually involved. It’s been the best way for cybercriminals to introduce malware and other types of attacks into an organization because it depends upon human error.
No network security strategy is complete without protections against phishing and employee training on how to spot phishing. However, phishing is always evolving, thus your phishing safeguards should as well.
Several new dangerous trends have been spotted in phishing attacks that organizations need to be aware of. These involve everything from new delivery methods for phishing scams to direct targeting of employees with bribes.
Phishing attack volume is also skyrocketing, with attacks increasing by 284% in June of 2021 alone.
What new phishing trends might impact your business in the coming year?
We’ll go through some of the most prevalent below so you can inform your team of what to watch out for.
Small Businesses Are Being Targeted with Spear Phishing
Spear phishing is a targeted form of phishing that uses personalized emails that are spoofed to look like they come from an account that the recipient may know. It could be a vendor that you may do business with, like a website host, or it may even look like it’s coming from a department inside your organization.
Because of personalization, spear phishing has a higher rate of user clicks than a generic email, which is why hackers go through the trouble to research these attacks.
Security experts are increasingly seeing spear-phishing targeted at small businesses, rather than just enterprise companies.
You should make your employees aware that they cannot automatically trust the sender’s name or email address on a suspicious message.
Business Email Compromise Is Getting Worse
One way that hackers send convincing spear-phishing campaigns is to compromise a user’s email account. If they can gain login credentials to a platform like Microsoft 365 or Google Workspace, they can then send out very convincing emails from a trusted user’s account.
The trend here is that these types of emails are being monetized, often with a phishing email that asks recipients to purchase gift cards for some company event and then send the numbers by email. The thieves make off with the gift cards and sell them on the Dark Web.
Unhappy Employees Are Being Targeted to Hand Over Their Passwords
In efforts to break into more user cloud accounts, cybercriminals are getting bolder. They’re now coming right out and asking employees to hand over their user credentials.
Of course, most employees would turn this type of email right over to IT or their supervisor when it’s received. But hackers don’t care about those employees, they’re looking for the ones that may be unhappy or disgruntled that could be lured with a little cash to email or text their password.
Business Impersonation Is on the Rise
Business impersonation, also known as spoofing a company, is another rising trend in phishing attacks. Hackers are creating more sophisticated emails that are identical in look to the ones that legitimate companies like Netflix or Amazon send to customers.
Employees need to be made aware that look-alike emails can be very convincing and even have email addresses that use the real company name as part of the domain.
When receiving an unexpected email of any kind, it’s best to scrutinize it, get a second opinion, and not take any type of action until you are absolutely sure it’s not a scam.
Hackers Are Increasingly Using Initial Access Brokers
Many of the phishing attacks you see these days aren’t sent out by one hacker sitting in a dark room. Rather, they’re sent out by employees that work for large criminal organizations that see things like data breaches and ransomware as a business.
In their efforts to continually optimize phishing attacks, these criminal groups are turning to outsourced experts. They’re bringing in what is known as initial access brokers. These are hackers that specialize in getting a “foot in the door,” and breaching a company network.
Once breached, they give control over to their employer.
Text Messaging Is Becoming Fertile Ground for Phishing Attacks
Phishing is beginning to migrate from email to text messages. People get an increasing number of texts for things like shipping notices and sales from retailers.
This is making it easier for hackers to slide their fake text messages in and have users mistake them for a legitimate text. Once they click on a link that takes them to a malicious site, their device can be instantly infected with malware.
Is Your Network Properly Secured from the Latest Phishing Threats?
Onsite Techs of Rhode Island can work with your business to review your current phishing safeguards and provide recommendations for any areas of risk.
Contact us today to schedule a consultation at 401-773-7766 or book a video call now.
