One of the constant threats to a company’s wellbeing and data security is phishing. Phishing attacks come in all forms and can conceal multiple attack types, from credential theft to ransomware.
The latest trends seen in phishing attacks illustrate how the influence of large criminal organizations is changing phishing and making it increasingly dangerous.
In most cases, a phishing campaign is not the work of just one person. Phishing is used by state-sponsored hacking groups and other criminal entities as a money-making enterprise, as well as to gather damaging information or attack a specific system.
With organized crime launching these types of attacks, phishing is treated like a business. Attacks are continuously optimized and attackers even bring in outside contractors that specialize in a certain type of attack process.
When things become more efficient, they can be done with more frequency, and such is the case with phishing. In May of 2021, there was a spike of 281% in phishing attacks, and that was followed by another rise of 284% in June.
It’s important to continually scan the horizon for new attack trends so your company can be prepared, and your employees can know what to watch out for.
Here are several dangerous phishing trends that have been detected.
As we mentioned, organized crime groups from around the world run many phishing attacks, and they run them as a business. One trend seen is the increasing use of initial access brokers. These are specialists who are completely focused on the first step in a cyberattack: getting in the door.
Their specialty is breaking into company networks for the purpose of stealing information or planting ransomware or other malware. They’re being used as outside contractors to initiate the “break-in.” They then hand off to the group launching the attack.
Many business email systems are cloud-based, rather than running from an on-premises server. Hackers know they only need to gain access to user credentials to gain access to business email.
The profitability of this type of attack is beginning to surpass even that of ransomware. The gift card ploy is used frequently once attackers have gained access to a company email account.
They’ll typically target the account of someone in a high-level position and then, from that breached email account, send out messages to employees asking them to purchase digital gift cards for some reason and send the gift card numbers back.
Many employees are programmed to follow instructions from a superior, so they’ll do as they’re instructed. The thieves then make off with the gift card numbers, cashing them in or reselling them on the Dark Web.
It used to be that targeted phishing campaigns were used against larger enterprise organizations. Targeting takes time and includes research that needs to be done on a company and its staff so emails can be crafted that are personalized and more believable.
But now, attackers are using targeting (also known as spear phishing) against small businesses as well. Because ransomware is so lucrative as an attack, criminals are doing a cost-benefit analysis. They are realizing that putting in the effort to specifically target their fake emails can pay off, even when hitting smaller companies.
An alarming new trend in phishing is the sending of emails that offer employees money for disclosing their login credentials for a platform like Microsoft 365, QuickBooks Online, or another company cloud account.
Credential theft is now the number one cause of data breaches in the world, being responsible for 20% of them.
Hackers are seeking out employees who might be disgruntled and willing to compromise their company’s account for a little cash. The employee might think that they are not actually the one breaking into anything and that passwords are hacked all the time, so they hand over their credentials, enabling an account breach.
SMS is becoming the new email. We now can get any number of texts from various services or retailers. For example, World Market will send coupons via SMS, Amazon sends up-to-the-minute delivery notices via SMS, and the list goes on.
Phishing is now morphing to take advantage of how easy it is to get cell phone numbers online and through Dark Web marketplaces. Attackers are sending spoofed text messages that look like they’re coming from a legitimate source and that contain links to phishing sites.
Links in text messages often can’t be hovered over like links in email, so users are often caught unaware and end up infecting their device with malware or entering credentials into a fake login form.
Haxxess can help your Northern Ontario business ensure you have the device, network, and cloud account protections in place to combat phishing in all its forms.