The dangers of phishing are well-known. It’s the main method used for cyberattacks of all types and thus the biggest threat to company network security.
Phishing remains such a popular method of attack because it preys on human error and the ability to be fooled by clever tricks. It also continues to evolve and become more sophisticated.
Large criminal underground organizations are often responsible for multiple attacks, and they work just like any business to optimize things like delivery and return on investment.
The increase in sophistication, efficiency, and profitability of phishing attacks has caused a continuous rise in attack volume. In 2020, attacks nearly doubled from what they were in 2019. And in both May and June of 2021, phishing attacks rose over 280%.
Several new phishing trends have been detected recently that you’ll want to know about and include in your employee security awareness training.
Watch Out for These Alarming Phishing Trends
Disgruntled Employees Are Being Offered Cash for Passwords
Cybercriminals are getting bolder and now are coming right out to ask employees for their login credentials to company cloud accounts.
This type of phishing email often targets employees that have expressed some dissatisfaction with their job on social media. It doesn’t take long for a hacker to search hashtags like “#hatemyjob” to come up with some phishing attack candidates to offer cash for passwords. And if the employee doesn’t think they’ll get caught, they may just take the hacker up on the offer, enabling an insider attack.
Spear Phishing of Small Businesses Is Increasing
Spear phishing is when attackers learn a little about the company they’re sending phishing emails to and personalize the attack to give it a better chance of success.
This targeted form of phishing used to be done only against larger companies because of the time and effort needed to research personnel at a company and to create personalized emails and possibly a related phishing site.
But, because criminal groups have optimized their tactics to take less time, they’re now able to deploy targeted phishing attacks against small businesses as well and still make a profit.
What this means for small businesses is that your employees may be receiving even harder-to-spot phishing emails because they’ll be more personalized to your company, such as appearing to be from a vendor you use or using your company name in the text of the email.
Phishing via Text Messaging Is Becoming More Prevalent
Text messaging is slowly becoming the new form of email. People often text rather than email because it’s faster. Most users also are less wordy in text messages than in email messages, so SMS is often a more efficient way to communicate.
But now people are getting text messages from retailers they’ve signed up with for SMS updates, shipping notices from Amazon, and more. This creates fertile ground for cybercriminals looking for new ways to trick people into clicking a malicious link.
Most people don’t expect to get phishing via text message, so they’re not as wary as they are with unexpected emails. Links are also often shortened automatically via text, so it’s even harder to spot a link to a malicious website.
Compromising Business Email Is Getting to Be Popular
Once a criminal group gains access to the login for a user’s company email account, they can launch a very convincing phishing attack on others in the same company.
Employees will recognize the person and the email address being used as coming from inside their company, so they will often trust the message by default, even if it sounds a little out of character.
Business email compromise (BEC) is being used for things like gift card scams, where the phishing email requests that recipients purchase gift cards that they’ll be reimbursed for. The power of sending email from an actual company user account is making BEC lucrative for hackers, thus it’s becoming more popular as a form of attack.
Initial Access Brokers Are Being Used More Often in Attacks
In their efforts to continually optimize their operations, cybercriminals are bringing in experts who specialize in that initial breach of a company network. These experts are called Initial Access Brokers, and they’re increasingly being used to initiate a phishing attack and get through IT security barriers.
Once they’ve breached the company network or cloud platform, control is then handed over to the attackers to continue planting malware, stealing sensitive documents, and more.
Can Your Network Security Handle the Latest Phishing Tactics?
Rocky Knoll Technologies can provide a cybersecurity audit for your Charlotte area business to reveal any areas of risk you may have. We’ll then make recommendations to help you improve security to better protect yourself from an attack.
Schedule a consultation by calling 704.594.7292 or reach us online.