Phishing seems like it has been around since the beginning of email itself. Scammers have used the medium to send lies and threats to users in an attempt to get them to do something.
In the past, phishing would involve asking you to send money to some “prince” in a foreign country. Today’s phishing emails are much more sophisticated than that and can look identical to an email you might get from your bank. All it takes is a simple link to click that goes to a website spoofed to look exactly like the one that you usually use.
Phishing continues to evolve. That is why it never seems to go away even though security solutions crop up to try to combat it. It is the number one attack method used in data breaches and malware infections which makes it a serious threat to network security.
In May of 2021, phishing increased 281% and in June it increased another 284%.
To keep your team well-trained on phishing detection and protect your company from potential ransomware or other malware infections, it’s important to stay knowledgeable of phishing attack tactics.
The newest trends in phishing that you need to watch out for are listed below.
More Use of Initial Access Brokers
Outsourcing is common for companies. For example, they might outsource their marketing campaign design to a marketing company that specializes in that one thing and is an expert at bringing in leads.
Cyberattacks are becoming the domain of large criminal enterprises and are being run more like a business every day. One new trend is that the initial breach of a company network is now often being outsourced to what is known as an initial access broker.
The initial access broker only does that one thing – breach company networks through malware or other methods – so they’re experts at getting in. Once in, they hand off that access to their client.
Phishing Campaigns Are Targeting Smaller Companies
It used to be that the work that went into sending a targeted phishing campaign was reserved for the larger organizations. That is not the case any longer for the following two reasons:
- Ransomware campaigns can be sent by novices through RaaS (Ransomware as a Service) which increases the number of attackers significantly.
- Enterprise networks have become much harder to breach than small business networks.
Smaller companies are now being sent targeted phishing campaigns. These targeted campaigns have a better chance at hitting their mark because they contain researched information. For example, it may be spoofed to look like an email is coming from a company’s vendor or a high-level executive that works at that company.
Hackers Reaching Out to Disgruntled Employees for Credentials
Credential theft has been on the rise along with the adoption of cloud services. Cloud accounts are typically only protected through the passwords of the account users. If the hackers can get one of their passwords, they gain access to the system to launch an attack.
Hackers are increasingly reaching out to employees and looking for those that might be disgruntled and willing to give up their login credentials for a little cash. The person feels like they’re not technically conducting any kind of breach themselves. The perfect target is someone that is unhappy with a manager because they are more likely to be persuaded to go along with it.
Brand Impersonation Used to Fool Users
The impersonation of brands is a continuing trend for phishing attacks. Clever emails look exactly like the one you might get from another company or even like your own organization’s emails.
For example, this email that appears to be from Bank of America is actually a scam. It uses a cleverly spoofed email address that looks like it could be real. If you look it up online, it is revealed to be a phishing scam.
These spoofed emails often impersonate brands to fool people and are incredibly well-designed to look like carbon copies of the original.
Spoofed Text Messages
Phishing through text messages is becoming more common and the danger here is that users aren’t as aware of these. We get an SMS for everything now from a shipment delivery to haircut reminders.
It’s easy for a scammer to spoof a text message and make you think it’s something like a prescription refill notice or even a survey from your gym. Texts often use those shortened URLs that make it more difficult to know where the link is taking you.
It’s important to be aware of incoming text messages that are unexpected (just like you are about emails). Texting has become the new emailing in many regards and phishing attackers are jumping on board to take advantage.
How Well-Protected Is Your Network from Phishing Attacks?
Don’t fall victim to a phishing attack! Sound Computers can help your Connecticut business review the safeguards that you have in place and suggest ways to shore up your defenses.
Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.