Phishing has grown up and become more sophisticated over the years. It started out in the early days of business email as misspelled letters claiming to be from a prince in a far-off land.
Today’s phishing emails can look nearly identical to ones you receive from legitimate websites, and come in various forms (email, social media, text message, etc.).
Phishing has been the number one delivery method for malware and attacks that cause data breaches for a number of years. Phishing attacks are now often run by large criminal organizations.
These organizations treat phishing as a business enterprise and work to optimize delivery, network breach percentage, and the money that can be made by each campaign.
As attacks get optimized, they often increase in volume as well. This is exactly what is currently being seen. In May of 2021, phishing attacks rose by 281%, and in June, they increased another 284% in volume on top of that.
Companies should also continually assess and upgrade their IT security strategy to ensure they’re keeping up with the protections needed against the latest threats.
Here are some of the alarming phishing trends to watch out for.
Employees are Being Offered Cash for Credentials
Credential theft is now the #1 cause of data breaches, being responsible for 20% of them globally. With most business data now being stored in the cloud, hackers are going after login credentials with increasing persistence.
One new tactic is to offer employees cash to hand over their password to a company cloud account. To conduct a successful attack, scammers only need to find one disgruntled employee who is willing to take the cash and thinks they won’t get caught.
Small Businesses are Being Targeted with Spear Phishing
Because of the research and prep time involved in conducting a spear-phishing campaign (which is a more personalized form of phishing), these types of attacks used to be aimed only at larger companies.
However, with phishing payloads being optimized, criminal groups are now finding that they can put in the necessary time and effort to target small businesses in this way as well, and still make money.
Spear phishing often has a higher hit rate because the message is personalized to look like it is coming either from inside the company or from a vendor or other business partner.
Smaller companies should warn employees to be on the lookout for any unexpected messages, even if they appear to come from someone they know, as it could be a targeted attack.
The Use of SMS for Phishing Is Increasing
Over the last few years, SMS has evolved from being used mainly for our texts between friends, family, and colleagues, to an alternate form of email.
We now get text messages for shipment updates, retailer sales, and smart applications for our home devices.
Mobile numbers are also more publicly available than they used to be, which makes it easier for scammers to send phishing messages via SMS.
Users often aren’t expecting to receive phishing via text message, so they can easily be fooled into clicking links to malicious sites.
Brand Impersonation Is on the Rise
Brand impersonation has been around for a while, but it’s getting much more sophisticated. It’s hard to tell a real message from a fake one these days.
Take the email below that appears to be from Bank of America. It uses all the bank’s imagery and even a lookalike of their standard signature. But it’s a phishing scam.
If you Google the email address, which is cleverly spoofed, the results show that this is a scam used in both email and text message.
BEC (Business Email Compromise) Is Becoming More Lucrative
When a hacker can breach a company email address, they’re able to send targeted phishing emails that have a much higher chance of fooling the user into taking some kind of action.
The recipient will see that the email is from an internal company email address that they know. But they don’t realize that the email account has been compromised.
BEC has been increasing because it’s becoming more lucrative for scammers. One of the common scams you’ll see using BEC is the gift card scam. This is when the hacker sends emails from the hacked account to other employees in an organization asking them to purchase gift cards (either for customers or employee gifts), promising reimbursement. As soon as the gift card numbers are sent back, the scammer takes off with them.
Improve Your Phishing Defenses. Schedule an IT Security Audit Today!
Cloudavize can work with your Dallas-Fort Worth business to improve your phishing defenses. We’ll do a full audit of your current protections and make recommendations for any weak areas.
Contact Cloudavize today for a free consultation to get started.