Phishing has been increasing in volume and sophistication over the last few years. In 2021 alone, the month of May brought an increase in phishing of 281%. June had a further increase in attacks of 284%. These attacks are also largely run by large criminal groups and state-sponsored hacking organizations, not a single hacker in a basement. They put money and effort into making phishing more effective by employing AI, machine learning, and other sophisticated measures. Keeping up with the latest developments in phishing attacks so you can keep your staff aware is a critical component of a good cybersecurity strategy. This can ensure you are continuously upgrading your protections to combat the newest threats. What are the newest threats when it comes to phishing? We’ve listed several new disturbing trends that you should look out for in 2022.
Offering Disgruntled Employees Cash for Credentials
Credential compromise is now the #1 cause of data breaches in the world. Companies have largely switched from on-premises to the cloud for data storage, business email, work processes, and more. This makes login credentials a prime target for hackers. All they need is one login to a company account to steal data, plant ransomware, send phishing emails from a company domain, or conduct an account takeover. In an effort to get those credentials any way they can, phishing attackers are looking for unhappy employees (via their posts on social media) and offering them money to hand over their login credentials. All a scammer needs to do is search on a hashtag like #hatemyjob, and they have some prime targets to reach out to.
The Use of Phishing by Text Message is Increasing
Mobile phone numbers used to be fairly private. You never received annoying spam calls on them and only received text messages from friends and family. That’s not the case any longer. Many people actually have voicemail intros that state they don’t answer unknown numbers on their mobile phone due to robocalls. Mobile numbers are easy for spammers to get. People now get SMS messages from multiple companies for things like shipping notifications, sales notices, payment receipts, prescription refill notices, and more. SMS is becoming the new email for phishing attacks. Attackers send malicious text messages, such as those that look like shipping notices telling the recipient they need to update their contact details to receive a package. It’s even easier for a scammer to obscure a link to a phishing site in a text message because people expect those to use shortened URLs a lot of the time.
Smaller Companies Are Experiencing Spear Phishing
Spear phishing is a more targeted type of attack than general, non-personalized phishing emails. For spear phishing, an attacker will generally look up details on a company. This can include vendors they do business with or the names of those in managerial positions. Because of the personalized nature of these attacks, spear phishing is more effective than sending generic messages. But it does take additional effort and research. It used to be used mainly against larger companies, but industry experts are now seeing spear phishing used against smaller companies as well, as phishing becomes more lucrative and optimized.
Initial Access Brokers Are Being Employed to Improve Breach Capabilities
An initial access broker is a person who specializes in the first part of any data breach or malware attack, which is getting into a company network or cloud account. They’ve honed their craft and know all the tricks to get that first foot in the door. Because of that expertise, criminal groups are increasingly using initial access brokers, and this has become something of a consulting-type business in the cybercrime world. This makes phishing attacks even more dangerous because the initial breach is usually being handled by an expert.
Business Email Compromise Is Becoming More Lucrative for Hackers
When a particular form of attack becomes more lucrative, more criminals will hop on board, and the volume of these types of attacks will increase. Such is the case with ransomware over the last several years. It has become a big money-maker for hacking groups; thus the volume and ransom demands have continually gone up. The next attack type that is on this upward trajectory is business email compromise (BEC). When phishing attackers can gain email credentials for a legitimate company email account, their phishing emails sent from that address have a much higher rate of return. One of the most popular phishing scams to send from a compromised account is one involving a request for employees to purchase gift cards and send the numbers, with a promise of reimbursement. If employees keep falling for BEC phishing scams, they’ll continue to increase in volume, just like ransomware.
When Did You Last Have a Cybersecurity Audit?
Copperband Technologies can conduct a full cybersecurity audit for your Southern Kentucky or Middle Tennessee business to identify any areas of vulnerability in your security protections and suggest solutions. Contact us today to schedule a consultation! Call 931.263.8000 or reach us online.