A single phishing email can be enough for a company to succumb to ransomware and face costly downtime. It can also cause an employee to unknowingly hand over the credentials to a company email account. The hacker can then use that information to send targeted attacks to customers.
Studies show that in 2020, 75% of companies around the world experienced a phishing attack. Phishing is the main delivery method for all types of cyberattacks and remains one of the biggest dangers to your business’s health and wellbeing.
Phishing exploits human error. Some phishing emails use sophisticated tactics to fool the recipient into revealing sensitive information or infecting a network with malware.
Mobile phishing attacks increased by 161% in 2021.
Your best protections against the continuous barrage of phishing include:
- Next-gen antivirus/anti-malware
- Email filtering
- DNS filtering
- Ongoing employee cybersecurity awareness training
Knowing what phishing threats are on the rise will help you train your employees and ensure your IT security is being upgraded to meet the newest dangers.
The following is a list of the latest phishing trends that you need to watch out for in 2022.
Phishing via Text Message Is Becoming More Common
In the past, phishing training has been focused on the email form since it’s always been the most prevalent. But a new type of phishing, “smishing”, is growing in popularity.
Smishing takes advantage of the easy availability of mobile phone numbers and uses text messages to distribute phishing attacks. Fewer people are suspicious of text messages than they are of unexpected email messages, making text message attacks ideal for cybercrime.
With retailers and service businesses pushing their text updates for sales and delivery notices, people are receiving more text messages now than they did in the past.
This makes it even easier for phishing via text to fake being a sale or shipment notice and get a user to click on a shortened URL.
Business Email Compromise Is Growing
One of the big money-maker attacks for criminal groups is ransomware. This growing threat is continually evolving, and a new and up-and-coming form of attack is proving to be quite lucrative.
With a business email compromise (BEC) attack, a hacker sends a simple phishing email to an employee posing as a trusted individual and tricks them into handing over sensitive information. The hacker then uses this information to make money by sending out bogus emails requesting sensitive login information.
Emails can include bogus invoices, impersonation of a company attorney, gift card scams and fake wire transfer scams. What makes this such a lucrative avenue for phishing is that the emails come from a trusted source and cybercriminals have access to the emails of employees, customers and vendors of that company.
Targeted Spear Phishing on Small Businesses Is on the Rise
There is no business too small to be attacked by a hacker. Small businesses are the frequent target of cyberattacks because they tend to have less IT security than larger companies.
43% of all data breaches target small and mid-sized companies, and 40% of small businesses that fall victim to an attack experience at least eight hours of downtime as a result.
Spear phishing is a more dangerous form of phishing because it’s targeted, specific, and not generic. That’s why it is so effective and why it is deployed in attacks using BEC.
It used to be that larger companies were the only ones targeted by spear phishing, because it took more time to set up a targeted and tailored attack. However, as large criminal groups and state-sponsored hackers make their attacks more efficient, they’re able to target anyone more easily.
As a result, small businesses are receiving more tailored phishing attacks that are harder for their users to identify as a scam.
Using Initial Access Brokers to Make Attacks More Effective
We just established the fact that large criminal groups are continually enhancing their attacks to make them more effective. They treat cyberattacks like a business and aim to make them more profitable all the time.
One way they are doing this is by employing outside specialists called Initial Access Brokers. They are a specific type of hacker that only focuses on getting the initial breach into a network or company account.
The increasing use of these experts makes phishing attacks even more dangerous and difficult for users to detect.
Business Impersonation Hopes to Fool the Savvy User
As users have gotten more savvy about being careful of emails from unknown senders, phishing attackers have increasingly used business impersonation. Like BEC, this is where a phishing email will come in looking like a legitimate email from a company that the user may know or even do business with.
Big businesses like Amazon are a common target of business impersonation, but it can happen with smaller companies as well. Oftentimes website hosting companies will have their client lists breached, and those clients are then sent emails impersonating the hosting company and asking them to log in to an account to fix an urgent problem.
The increase in business impersonation being used in phishing attacks means users have to be suspicious of all emails, not just those from unknown senders.
Protect Your Company from Phishing Attacks
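To show how an email filter can back up that user suspicion, here is an added example (not part of the original article or any vendor's product) of a header check for business impersonation: it flags mail whose sender name claims a known brand while the sending domain does not belong to that brand, and mail whose Reply-To points somewhere else. The brand list, the "ExampleHost" provider and all sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list: brand keyword -> domains the brand really sends from.
KNOWN_BRANDS = {
    "amazon": {"amazon.com"},
    "examplehost": {"examplehost.example"},  # stand-in for a hosting provider
}

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _is_brand_domain(domain, allowed):
    # Exact match or a true subdomain; "amazon.com.evil.example" must not pass.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonation_flags(raw_message):
    """Return a list of reasons the message looks like business impersonation."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(from_addr)
    flags = []
    for brand, allowed in KNOWN_BRANDS.items():
        claims_brand = brand in display.lower() or brand in from_domain
        if claims_brand and not _is_brand_domain(from_domain, allowed):
            flags.append(f"claims '{brand}' but sent from {from_domain}")
    if reply_addr and _domain(reply_addr) != from_domain:
        flags.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: ExampleHost Support <billing@examplehost-accounts.example>\n"
    "Reply-To: helpdesk@mailbox.example\n"
    "Subject: Urgent: log in to fix a problem with your account\n\n"
    "Please log in to resolve the issue.\n"
)
LEGIT = (
    "From: ExampleHost Support <billing@mail.examplehost.example>\n"
    "Subject: Your monthly invoice\n\n"
    "Invoice attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, impersonation_flags(raw))
```

A check like this only inspects the visible headers and says nothing about whether the From address itself was forged, so it belongs alongside the email filtering and awareness training listed earlier, not in place of them.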
It’s imperative to use a multi-layered strategy when it comes to defending against one of the biggest dangers to your business’s wellbeing. Call or contact us to schedule a cybersecurity audit to review your current security and let us help you identify ways to improve and protect your business.