Phishing is a social engineering technique where threat actors send fraudulent messages to trick victims into installing malware or giving away sensitive information. This includes login credentials and personal information. It’s one of the most prevalent and successful cybercrimes today. In Proofpoint’s 2021 State of the Phish report, 57 percent of the surveyed organizations experienced at least one successful phishing attack in 2020.
2021 is not much safer from phishing either. Hackers are continuously developing ingenious new ways to trick unsuspecting employees into compromising their workplace cybersecurity. Let’s look at some of the latest phishing trends shaping this year’s threat landscape.
Historically, phishers have capitalized on hot new trends and breaking news to fabricate their scams. In 2020, the COVID-19 pandemic was the best cover for phishing hacks – preying on the widespread confusion, worry, misinformation, and chaos that went rampant throughout the year. Between mid-March and April 2020, IBM observed a 6,000 percent increase in COVID-19-related phishing scams.
Even with the vaccine rollout and things slowly returning to normal, pandemic-related exploits are still far from over. In fact, the vaccine rollout has become one of the latest phishing avenues. Hackers are now targeting victims with false promises of providing early access to the vaccine and other benefits such as relief funds.
AI-based smart phishing
Smart phishing is quickly growing into a serious threat. Hackers are rapidly utilizing AI and machine learning technologies to perfect their scamming techniques. One approach is using intelligent malware to mine behavioral data on user computers and phones. The phisher can then fine-tune an attack based on the target’s online habits and preferences, such as frequently visited sites and favorite online purchases. Intelligent phishing attacks are much harder to detect since they are uniquely designed to appear legit and convincing to the target audience.
Highly targeted low-volume phishing campaigns
The email spoofing attacks of the past have mostly been replaced with highly targeted low-volume campaigns. Instead of sending hundreds of generic messages at once, phishers are now targeting smaller groups of individuals with personalized messages. Hackers have realized that high-volume phishing waves are much easier to detect and publicize than scaled-down campaigns. Plus, personalized phishing hacks have better chances of fooling digital spam filters and attract more clicks, too.
Nowadays, phishers go through a lot of trouble to make their scams convincing and successful. Some highly targeted and elaborate phishing threats include spear phishing, angler phishing, and whaling.
File-sharing platforms are the new phishing vectors
Over the last couple of years, phishers started hiding behind the security reputation and credibility of mainstream file-sharing services such as OneDrive, DocuSign, Dropbox, and SharePoint.
One of the ways hackers do this is by directing victims to phishing pages that resemble popular file-sharing platforms. The unsuspecting user then enters their login details, which are immediately harvested by the hacker and used to compromise the real user account. Phishers can also embed malicious links in documents hosted on these platforms. The point of these phishing techniques is to avoid using email attachments, which some people know not to open.
Staying safe from phishing attacks
Phishing is not going away any time soon. Cybercriminals are only getting better at it – perhaps we’ll even have newer phishing threats to worry about next year. So, make sure to protect your business against these attacks. Since employees are the critical targets in most phishing attempts, equip them with the skill and tools to identify, mitigate, and report incoming scams. Regular phishing awareness training can go a long way in ensuring that your staff never falls for social engineering lures.
Additionally, reinforce your entire cybersecurity posture in preparation for whichever form these attacks may take. GB Tech can help you adopt and implement robust cybersecurity solutions to safeguard your HR and digital assets against rampant threats. We provide proactive security services, including staff education and training, 24/7 monitoring, and security planning. Contact us to learn more.