6 Disturbing Trends for Phishing Attacks You Need to Know About
One of the constants in the cybersecurity world is the need to keep up with phishing trends. Phishing is the number one attack method for everything from credential theft to ransomware attacks. It’s also an attack type that keeps morphing to become harder to spot and more devious.
Without ongoing IT security training and infrastructure assessment, organisations can easily fall prey to phishing emails. All it takes is one for a devastating and costly attack to occur.
In May of 2021, global phishing attacks skyrocketed by 281%, and they jumped another 284% in June.
Preventing phishing attacks includes deploying a multi-pronged strategy. One of those prongs should be reassessing the phishing landscape regularly to learn of any new attack trends so you can inform your users and fortify your defences.
Following are the latest phishing attack trends that you need to know about so you can prepare your network safeguards accordingly.
Organised Crime Using Initial Access Brokers
Phishing and other forms of cyberattacks have largely been taken over by organised crime and state-sponsored hacking groups. This means that rather than an individual hacker conducting attacks, it’s often the work of a large criminal enterprise with multiple resources.
The money to be had from things like business email compromise and ransomware means these attacks are now being run like a business. And just like legal businesses, these criminal groups are optimising their business model all the time.
One way they are doing this is through the increased use of initial access brokers. These are hackers or hacking groups that specialise in the first step of a hack: getting inside a network.
Criminal groups use these specialists, who have perfected their craft, to give their ongoing attack campaigns the best chance of success.
Increased Use of SMS Phishing
Most users have been through multiple trainings on email-based phishing over the years, but many are not yet clued into phishing via text message.
SMS phishing is being used increasingly by hackers to fool users into doing things like downloading mobile malware or entering their login credentials into a fake login form.
Users need to now be particularly suspicious of unsolicited text messages and be careful of brand impersonation, which is also increasing in use by cybercriminals.
Business Email Breaches Being Monetised
Criminal groups go where the money is, which is why ransomware has been running rampant for the last few years. A new scam that is becoming lucrative for hackers is business email compromise.
This is when an online criminal group can breach the email account of someone in a company, preferably someone in a position of authority.
Once they do this, they can send out emails as if they were that person to employees, who will most likely initially believe a message is legitimate.
This tactic is often used to request employees purchase gift cards for some reason (which the email promises they’ll be reimbursed for). Once they send the gift card codes, the thieves make off with them.
More Brand Impersonation
Brand impersonation is happening more frequently in phishing. Phishing scammers have realised that, as users become savvier about unknown senders, they can significantly increase the chances of a click if the email looks like it’s from a company the employee knows.
This may be a large company like Amazon or even a smaller company like your website hosting firm. It’s always best to check by phone or another method with the company first, to see if an email that looks to be from them is legitimate before taking action.
Fake Internal Alert Messages
Some companies will have various alert messages that come through. These could be something like a file-sharing space warning or a password change notification.
Phishing scammers are faking these messages to make employees believe they are from an internal system, possibly automated. The urgent nature of the message often causes employees to take action before examining the message further.
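As an added illustration (not part of the original article), here is a small Python check a mail filter could apply to the two trends above, brand impersonation and fake internal alerts: it flags messages whose display name or subject claims a known brand or the organisation itself while the sending domain is not one that sender legitimately uses. The allowlist, the `examplecorp` organisation name and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that sender legitimately uses.
# "examplecorp" is a hypothetical stand-in for the organisation's own systems.
TRUSTED = {
    "amazon": {"amazon.com", "amazon.com.au"},
    "examplecorp": {"examplecorp.example"},
}

# Constructed sample messages (not real mail).
SAMPLE_BRAND = ("From: Amazon Support <support@amaz0n-orders.example>\n"
                "Subject: Your order is on hold\n\nPlease sign in.")
SAMPLE_INTERNAL = ("From: ExampleCorp IT Alerts <noreply@examplecorp-it.example>\n"
                   "Reply-To: helpdesk@mailbox.example\n"
                   "Subject: Password change required today\n\nAct now.")
SAMPLE_OK = ("From: ExampleCorp IT Alerts <alerts@it.examplecorp.example>\n"
             "Subject: File share at 90% capacity\n\nPlease tidy up.")

def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def is_trusted(domain, allowed):
    """True for an allowed domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonation_flags(raw):
    """List the reasons a raw message looks like brand or internal impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    claimed = (display + " " + msg.get("Subject", "")).lower()
    flags = []
    for brand, allowed in TRUSTED.items():
        # The name claims a known sender but the domain is a look-alike.
        if brand in claimed and not is_trusted(from_dom, allowed):
            flags.append(f"claims '{brand}' but sent from {from_dom}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        # Replies would be routed somewhere other than the apparent sender.
        flags.append(f"Reply-To domain {domain_of(reply)} differs from From domain")
    return flags

if __name__ == "__main__":
    for sample in (SAMPLE_BRAND, SAMPLE_INTERNAL, SAMPLE_OK):
        print(impersonation_flags(sample))
```

This heuristic only catches look-alike senders; mail that forges a trusted domain exactly has to be caught by SPF, DKIM and DMARC enforcement.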
Luring Credentials Away from Unhappy Employees
With most companies storing much of the organisation’s data in the cloud and using the cloud for many business processes (like email and customer support), hackers are looking to gain access via a user’s credentials.
They’ve begun trying to lure unhappy or disgruntled employees with the promise of a reward in exchange for their user credentials.
If an employee is unhappy with their company anyway, they could potentially be enticed by the promise of money into handing over their login information to a hacker.
Schedule a Phishing Security Review Today!
Don’t be in the dark about your phishing defences. GKM2 can assist your Sydney area business with a review of your IT security strategy and let you know of any weaknesses that could leave your company at risk.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.