One of the biggest threats that companies need to defend against is phishing. These socially engineered messages come to employees in multiple forms and are getting more sophisticated every year.
While protections like DNS filtering, system monitoring, and email filtering can help reduce your risk, it’s also important to remain aware of new types of phishing attacks so your users can be warned and ready.
A well-informed team is one of your best cybersecurity protections.
What’s coming in 2022 that you need to be aware of? Here are some of the biggest phishing trends threatening business security.
Phishing via Text Message (aka Smishing)
The growth of phishing sent through SMS is taking many people off guard. While employees are often trained on how to spot phishing via email, most aren’t expecting to see it come in via text.
Unfortunately, mobile phone numbers are no longer as private as they once were, and hackers are using lists of these numbers to launch phishing attacks. These attacks will fake a shipping notice or sale SMS from a retailer that people have become used to getting via text.
In the first 6 months of 2021, smishing attacks increased by 700%.
Extortion Being Used With Fake Information
A new type of phishing attack is emerging that tries to extort money from the recipient by threatening to release an embarrassing video of them at their computer.
The threat will often use the name of some virus or malware that’s been in the news lately to add an air of legitimacy. It will state that the person’s device was infected with this malware and the attacker was able to record video and screenshots of the person doing something they shouldn’t on their computer.
The email demands money to destroy the “evidence.” People often pay even if they haven’t done anything wrong because they’re afraid of what the hacker might have. Most times, the attacker is making the whole thing up and does not have any video of the person at all.
Small Businesses Are Facing Targeted Phishing Attacks
Spear phishing is a targeted form of phishing that tailors an attack to a specific company. For example, an attacker might use the name of a vendor the company works with, which makes the attack more likely to succeed because users recognize the company logo or signature in a spoofed email.
Because of the time and effort that spear-phishing takes, it has generally only been used on larger companies in the past. However, phishing attacks continue to get optimized by large criminal groups, which has made it worth the effort to research and conduct spear phishing on small businesses.
Spear phishing attacks are more dangerous because they’re customized to trick the users of a specific company rather than being generic.
Brand Impersonation Is on the Rise
In many spear-phishing campaigns, brand impersonation is used. This is when the phishing message pretends to be from a legitimate company. These types of messages have a better chance of fooling the recipient because they can look identical to the emails or texts the real company sends out.
Brand impersonation is on the rise, and it’s not only large companies that get spoofed. A hacker will often impersonate a smaller company and send phishing to its vendors or customers in a targeted campaign.
Increasing Use of Initial Access Brokers
Criminal groups run cyber attacks as a business, and lately this includes the use of outside contractors who specialize in one specific area of an attack. The use of Initial Access Brokers is on the rise, making phishing attacks even more dangerous.
Initial Access Brokers specialize in accomplishing that first breach of an account or company network. They’re very good at what they do and are being brought in to increase the effectiveness of attacks.
Business Email Compromise Is Growing
Business email compromise (BEC) has become the next “big thing” for hackers. In the past several years, we’ve seen ransomware numbers shoot up because it brings in so much money. Now, BEC is becoming quite lucrative and the volume of this attack type is increasing as a result.
57% of malicious links in phishing emails are designed to take users to websites to steal their credentials. Once a hacker has access to a business email account, they can send out very convincing emails to trick recipients into sending them money or gift cards.
Examples include:
- Gift card scam, where the message recipient is told to purchase gift cards for a corporate gift and reply with the numbers
- A payment request with the hacker’s wire transfer details, which is often sent to customers
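As an illustration of how email filtering can flag the brand impersonation and BEC patterns described above, here is an added example (not part of the original article) that checks message headers and content. The vendor allow-list, domains, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (constructed): vendor display names -> domains they send from.
KNOWN_SENDERS = {"acme supplies": {"acme-supplies.example"}}
# Phrases for the two BEC examples the article lists.
BEC_PATTERNS = {
    "gift_card_request": re.compile(r"gift\s*cards?", re.I),
    "payment_detail_request": re.compile(r"wire transfer|bank details", re.I),
}

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return sorted reasons a message should be verified out of band."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = domain_of(msg.get("From"))
    reasons = set()
    # Brand impersonation: display name claims a known vendor, domain disagrees.
    for brand, domains in KNOWN_SENDERS.items():
        if brand in display and from_domain not in domains:
            reasons.add("brand_name_domain_mismatch")
    # Replies routed to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.add("reply_to_domain_mismatch")
    # Content checks still fire when the sending account itself is compromised.
    parts = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    text = " ".join([msg.get("Subject", "")] + parts)
    reasons.update(n for n, rx in BEC_PATTERNS.items() if rx.search(text))
    return sorted(reasons)

# Constructed sample messages (not real mail).
SPOOFED_VENDOR = """\
From: Acme Supplies Billing <billing@acme-supp1ies.example>
Reply-To: accounts@payments-desk.example
Subject: Updated payment instructions

Please pay this month's invoice by wire transfer using the details below.
"""
COMPROMISED_INSIDER = """\
From: Pat Owner <pat@smallbiz.example>
Subject: Quick favor

Please buy five gift cards for a client gift and reply with the numbers.
"""
```

The second sample comes from a genuine internal address, so only the content check fires; header checks alone do not catch a compromised account.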
Disgruntled Employees Are Being Offered Money for Passwords
Because login credentials to email accounts and cloud storage platforms are sought after by hackers, they’ve begun asking employees for them outright.
In hopes of finding a disgruntled employee, attackers are offering money for business login credentials. These employees can also be targeted directly with offers: all a hacker needs to do is search for hashtags like #HateMyJob on social media to find potential targets.
Have You Had a Cybersecurity Audit Recently?
Connect2Geek can help your Treasure Valley area business with an audit of your IT security so you know where you stand and if you may have areas of risk that need to be addressed.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.