One IT security problem that only ever seems to get worse is phishing. It’s the main method of conducting cyberattacks of all kinds and it continues to grow in volume.
One reason we always seem to see more phishing attacks and not fewer is that large criminal organizations optimize the delivery of phishing and its “hit rate.” They do this in ways such as adding artificial intelligence that makes targeting easier. Ransomware as a Service has also led to a rise in attacks by making it simple for people without any coding skills to launch cyberattacks.
In both May and June of 2021, phishing attacks increased by over 280%.
To keep up with phishing threats, businesses need to continually watch for new cyberattack trends and then ensure their network defenses are strong enough to withstand them.
The beginning of the year is a good time to evaluate your IT security systems, have an audit done, and address any areas of weakness.
Dangerous Phishing Trends to Prepare for In the Coming Year
Watch Out for Phishing by Text Message
Text messaging is being used increasingly for phishing attacks. This type of phishing is called “smishing” (SMS + phishing) and it’s a major risk factor for 2022.
While employees may know to be suspicious of unknown emails or clicking links in emails, they typically don’t expect to receive phishing via text messages. Links are often shortened in texts, which makes it even easier for a fake text message to fool a recipient.
SMS is now the new email for a lot of interactions (shipping notifications, retail sale notices, etc.), which makes it even easier for fake messages to go undetected.
Employees Are Being Offered Money for Passwords
Credential compromise rose to become the major cause of data breaches in 2020, according to IBM’s Cost of a Data Breach Report. During the pandemic, many companies switched from on-premises processes (like email) to cloud-based services.
Cybercriminals know that all they need is an employee password to access all types of data, cloud storage, email, and more, so they’re getting bolder about obtaining those credentials.
A new trend is for attackers to offer employees money to hand over their username and password for a company account. This type of phishing is designed to find employees who may be disgruntled and willing to compromise their organization for some cash.
Email Account Compromise is Becoming a Money-Maker for Scammers
Ransomware has continued to grow over the last few years because it’s become a big revenue producer for state-sponsored hacking groups and other criminal organizations.
The next money-maker that’s increasing in volume is business email account compromise. When scammers can compromise an email account, especially if it’s someone in a managerial position, phishing emails are much more effective.
Employees recognize the person and the email address and will initially believe an email coming from that address to be legitimate. Scammers use this to perpetrate gift card scams and similar attack types that are very lucrative.
Extortion is Being Deployed More Often
One new trend on the rise is a form of extortion used against people who might be afraid of being caught in an embarrassing position.
With so many people working from home, work computers are often used for personal reasons, which can lead to someone thinking they may have been caught on an unsavory website.
In this phishing scam, the attacker will claim that they infected the user’s PC with malware and that this gave them the ability to spy on the user’s activities. They threaten to release proof, such as a video, to the person’s employer unless they pay them money.
Smaller Companies are Receiving Targeted Phishing Attacks
The difference between targeted phishing attacks (aka spear phishing) and generic attacks is that targeted attacks are more personalized and thus more effective.
The effort put into spear phishing used to be reserved for larger organizations. But now that hackers are using AI and automation, it takes a lot less effort to send these more effective personalized attacks.
They’re now being used against smaller businesses, which means employees need to be even more careful with the mail they get, and not assume that a message is legitimate just because their name or company name is used.
Specialists Are Being Brought in to Optimize Network Breaches
Industry experts have noticed more use of initial access brokers, specialists who do nothing except breach a network. Because they focus on that initial breach, they’re able to hone their craft to be very effective.
Once the initial access broker is in, they hand things over to the company that hired them, which then conducts its attack.
Schedule Your New Year Security Audit & Be Secure in 2022
Start the new year secure and protected. Unity IT can conduct an IT security audit for your Fresno area business to help you identify and address any vulnerabilities.
Contact us today to schedule a technology consultation at 559-297-1007 or reach out online.