Phishing takes advantage of human error, and some phishing emails use sophisticated human engineering tactics to fool the recipient into sharing private information or infecting a network with malware. One phishing email can be responsible for a company becoming a victim of ransom demands in exchange for data or access to your business network. It can also lead a user to unknowingly hand over the credentials to a company email account that the hacker then uses to send targeted attacks to customers. In the end, the organization may face costly downtime, loss of reputation, and perhaps even go out of business, if the data was not properly secured and backed up, or the recovery procedures are not in place.
Cyberthreat trends continue to grow.
In 2020, 75% of companies around the world experienced a phishing attack. Phishing remains one of the biggest dangers to your business’s health and wellbeing because it’s the main delivery method for all types of cyberattacks.
In 2021, Terranova Security disclosed information on phishing: out of a million phishing emails, 19.8% of fraudulent links were clicked on. That means that almost 200,000 people may potentially compromise their data and their devices. Same year mobile phishing threats grew by 161%.
So, here are some of the latest phishing trends that you need to watch out for in 2022.
Phishing Text Messages Skyrocket
Fewer people are suspicious of text messages than they are of unexpected email messages. Most phishing training is usually focused on the email form of phishing because it’s always been the most prevalent.
But cybercrime entities are now taking advantage of the easy availability of mobile phone numbers and using text messaging to deploy phishing attacks. This type of phishing (called “smishing”) is growing in volume.
People are receiving more text messages now than they did in the past, due in large part to retailers and service businesses pushing their text updates for sales and delivery notices.
This makes it even easier for phishing via SMS to fake a shipment notice and gets a user to click on a shortened URL.
Business email is increasingly compromised
Ransomware has been a growing threat over the last few years largely because it’s been a big money-maker for the criminal groups that launch cyberattacks. A new up-and-coming form of attack is beginning to be quite lucrative and thus is also growing.
Business email compromise (BEC) is on the rise and being exploited by attackers to make money off things like gift card scams and fake wire transfer requests.
What makes BEC so dangerous (and lucrative) is that when a criminal gains access to a business email account, they can send very convincing phishing messages to employees, customers, and vendors of that company. The recipients will immediately trust the familiar email address, making these emails potent weapons for cybercriminals.
SMBs are being targeted like never before
Don’t fall victim to the “It is not going to happen to me” line of thinking. SMBs tend to have less IT security than larger companies and as a result, are now targeted by hackers very frequently.
43% of all data breaches target SMBs, and 40% of small and medium-sized businesses that become victims of an attack experience at least 8 hours of downtime as a result.
Spear-phishing is a targeted tactic to gain access to a computer system and a network or acquire sensitive data by sending counterfeit messages that look legitimate and appropriate to the user, not just generic. It’s the type deployed in an attack using the Business Email Compromise (BEC) tactics. It used to be easier for hackers to target larger companies because old-school phishing was more generic. It takes more time to set up a targeted and tailored spear-phishing attack. However, as criminal groups and state-sponsored hackers make their attacks harder to identify as a scam., they’re now able to target anyone with ease.
A result is small businesses receive more personalized phishing attacks.
Attacks are getting more effective through the use of Initial Access Brokers
Hackers are no longer lonely teenagers looking for fame in the cyberworld. Large cybercrime organizations are continually working on the effectiveness of their attacks. Many hackers are now nine-to-five employees in a business model setup, making more profit every day.
One of the latest trends in cybercrime is to use outside specialists known as Initial Access Brokers, specific types of hackers that only focus on getting the initial breach into a business network or company account.
The increasing use of Initial Access Brockers makes growing phishing attacks even more dangerous and treacherous for users, being hard to detect.
Impersonation fraud grows bigger
As users have gotten smarter about emails from unknown senders, phishing attackers have increasingly used impersonations of business executives. Phishing emails often come in the form of a request for private and personal information, log-in credentials, or financial operation request, all designed as a legitimate-looking email from a supervisor (“CEO fraud“), a business partner, or a financial institution you are affiliated with.
Shipping companies like UPS or retail corporations like Amazon are common marks of cyber impersonation. With the latest trends, it also happens with smaller companies as well. For example, your local service provider may have had their customer email addresses stolen via a cyber breach, and you may be receiving emails from cybercriminals impersonating that company and asking you to log in to an account to fix an urgent problem, or to pay a fraudulent invoice.
You should be vigilant when reviewing your emails, not just those from unknown senders, but from those that may look legitimate as well. When in doubt, call the source company directly using their official phone number to clarify any questions or clear any suspicion of fraudulent activities.
IS YOUR COMPANY ADEQUATELY PROTECTED FROM PHISHING ATTACKS?
It’s vital to use a multi-layered security strategy when it comes to protecting your business against one of the biggest dangers today. To meet the newest cyber threats you must properly train your employees and ensure your IT security is being upgraded.
Get started with a cybersecurity audit to review your current security posture and identify ways to improve.
Introducing Secure Global Network
- Next-Generation Cloud Firewall
- Zero Trust LAN and Network Access
- Multi-Engine Download Scanning
- Security Information and Event Management
- Security Operations Center
- Endpoint Detection and Response
- Managed Detection and Response
- Next-Generation Anti-Virus
- Ransomware Protection
- Secure Remote Access
- VPN Alternative
- Wi-Fi Security
- Secure Web Gateway
- Content Filtering
- Secure DIS
Learn more about Secure Global Network.
How is your state of IT? Call Us: (855) 551-7760 with any questions.