When you get a phishing email, it’s often not a single hacker on the other end of the attack. Many times, it’s a large criminal organization that treats phishing attacks as a business, so it is always working to optimize them to get more money from victims.
Phishing has evolved from those “Foreign Prince” emails full of spelling errors to text messages and emails that look exactly like those you get from a bank or a service provider. Phishing has also been democratized, meaning it’s easier for anyone to conduct a phishing attack thanks to the rise of Ransomware as a Service (RaaS) platforms that package attacks in DIY plans.
This year, phishing volume has been increasing at an alarming rate. In May of 2021, phishing attacks rose 281%, and in June, increased another 284%.
This underscores the fact that IT security is not a “one time and done” activity. To keep their businesses safe from online threats, companies need to continually review their cybersecurity protections to ensure they’re keeping up with the latest trends.
Another important area of IT security is employee security awareness training. Statistics show that well-trained employees reduce the risk of a cyberattack by as much as 70%.
Following are some of the newest phishing attack trends to be aware of and share with your team.
Watch Out for These Dangerous Phishing Trends
Use of Initial Access Experts
In an effort to optimize that first entry into a cloud platform or company network, phishing attackers are outsourcing. Initial Access Brokers are experts who specialize in getting that first click or download from a phishing message.
They’ll often go to elaborate lengths, putting up fake phishing sites that look just like the real thing and purchasing look-alike domains to fool users. The effort pays off for them because those phishing sites are reused across multiple phishing attack campaigns.
With these experts brought in, phishing is becoming harder to spot.
Phishing by Text Message is Increasing
While many employees have now learned to be wary of unexpected emails coming into their inboxes, many haven’t realized that text messages are also being used for phishing.
Text messages come in more frequently, and not just from family and friends. We now can get 10% off something by signing up for messages from retailers. This opens the door to scammers impersonating brands and sending you what looks to be a text message from a store you know but actually contains a link leading to a dangerous phishing site.
Users need to be just as wary of unexpected text messages as they are of emails because scammers are moving to this medium in many of their attacks.
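The look-alike domains and brand-impersonating text message links described above can be caught before a user clicks. This added example (not from the original article) classifies every link in a message against an allow-list; the protected domains, the confusable-character table and the sample text message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really uses (assumption).
PROTECTED = {"examplebank.com", "contoso-payroll.com"}
# Character swaps commonly used to make one domain resemble another.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(host: str) -> str:
    """Lower-case a host name and fold visually confusable sequences."""
    host = host.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<protected domain>' or 'unknown'."""
    host = host.lower().rstrip(".")
    host = host[4:] if host.startswith("www.") else host
    # Exact matches and real subdomains of a protected domain are trusted.
    if host in PROTECTED or any(host.endswith("." + g) for g in PROTECTED):
        return "trusted"
    folded = skeleton(host)
    for good in sorted(PROTECTED):
        brand = skeleton(good).split(".")[0]
        # Near-identical spelling, or the brand name embedded in another domain.
        if edit_distance(folded, skeleton(good)) <= max_distance or brand in folded:
            return f"lookalike:{good}"
    return "unknown"

def flag_links(message: str) -> dict:
    """Classify the host of every http(s) link found in an email or SMS body."""
    urls = re.findall(r"https?://[^\s<>\"']+", message)
    return {u: classify(urlsplit(u).hostname or "") for u in urls}

# Constructed sample text message.
SMS = "ExampleBank: unusual sign-in. Verify at https://examp1ebank.com/verify or call us."
```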
Business Email Compromise (BEC) Is on the Rise
Compromised credentials have jumped to the number one cause of data breaches. Many companies are now storing much of their business data in cloud accounts and using the cloud for business email, which makes login credentials a prime target.
Criminal groups have begun monetizing business email compromise. Once they’ve been able to gain control over a user account with email, they can then unleash email messages from that account. Many users inside a company will believe these are real because they recognize the sender’s address.
A common scam that is perpetrated using BEC is sending emails from a compromised account (preferably of someone at a managerial level) that instruct employees to purchase gift cards for either client or employee gifts and to send the numbers via email.
The email will promise reimbursement and usually includes some note about “being in a meeting and unreachable” to discourage the employee from reaching out to ask questions. The hackers then make off with the gift cards.
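Because the gift card scam described above comes from a real internal account, sender checks pass and the content is what gives it away. This added example (not from the original article) scores a message against the indicators listed above; the patterns, the threshold, the `example.com` domain and both sample messages are constructed assumptions.

```python
import re

# Indicators taken from the scam described above; the exact wording is an assumption.
INDICATORS = {
    "gift_card_request": re.compile(r"\bgift\s*cards?\b", re.I),
    "send_codes_by_email": re.compile(
        r"\b(?:send|e-?mail|reply with|forward)\b.{0,60}\b(?:numbers?|codes?|pins?)\b",
        re.I | re.S),
    "reimbursement_promise": re.compile(r"\breimburs", re.I),
    "unreachable_pretext": re.compile(
        r"\b(?:in|into) a meeting\b|\bcan(?:no|')t (?:talk|take calls?)\b|\bunreachable\b",
        re.I),
}

def score_message(text: str) -> list[str]:
    """Return the names of the indicators present in the text."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def triage(message: dict, internal_domain: str, threshold: int = 3) -> dict:
    """Hold a message when a gift card request is combined with other indicators."""
    hits = score_message(message["subject"] + "\n" + message["body"])
    internal = message["from"].lower().endswith("@" + internal_domain)
    return {
        "hits": hits,
        # Reported only for context: a compromised account is internal too.
        "internal_sender": internal,
        "hold_for_review": "gift_card_request" in hits and len(hits) >= threshold,
    }

# Constructed sample messages.
MSG_SCAM = {
    "from": "cfo@example.com",
    "subject": "Quick favor",
    "body": "I'm in a meeting and can't take calls. Please buy five $100 gift cards "
            "for client gifts and email me the card numbers. You will be reimbursed today.",
}
MSG_BENIGN = {
    "from": "hr@example.com",
    "subject": "Holiday party",
    "body": "Gift cards for the raffle were purchased by HR last week. "
            "No action is needed from staff.",
}
```

A held message should be confirmed with the apparent sender through a channel other than email, since the mailbox itself may be under the attacker's control.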
Targeted Campaigns Increasing Against Smaller Businesses
Small businesses are not safe from being targeted with spear phishing. These targeted attacks use personal information sprinkled into an email to make it more believable.
Attackers do additional research on a company (on sites like LinkedIn, for example) to personalize emails, because these targeted campaigns often get much better “hit rates” than generic phishing campaigns.
Spear phishing used to be mainly seen in larger companies, but now attackers are sending these targeted campaigns increasingly to smaller businesses.
Luring Disgruntled Employees to Get Login Credentials
One new phishing tactic being used to gain access to a cloud account through employee credentials is to offer money to employees themselves.
Hoping to find some disgruntled employees, criminals will send out emails offering cash for credentials. If an employee isn’t happy with their boss and they don’t think they’ll get caught, they may just take the offer and hand a cybercriminal their login to a company cloud account.
Get Help Putting Phishing Safeguards In Place Today!
Is your IT security plan adequate to defend you against the newest phishing attack trends? Carl’s Computer Care can review your Louisiana company’s cybersecurity protections and make any needed suggestions to reduce your risk.
Contact us today to schedule a consultation! Call 225-315-3498 or reach us online.