Phishing continues to be on the rise. In May of 2021, attack volume rose 281%, and in June it increased another 284%. It’s the biggest danger to business network security because it’s the number one cause of data breaches, and keeps becoming more sophisticated.
Large criminal organizations use phishing for launching lucrative ransomware attacks, planting spyware to steal information, and deploying attacks designed to steal login credentials. They also continually optimize phishing to be more effective.
There are several new phishing attack trends that you need to be aware of so you can properly safeguard your business network. They include targeting smaller businesses with spear-phishing and going after disgruntled employees with an offer of cash for credentials.
As phishing evolves, so should your cybersecurity measures and employee training to ensure your Natick area company continues to stay protected from a costly cyber incident.
Phishing Trends You Should Be Prepared For
Attackers Targeting Disgruntled Employees for Credentials
Login credentials to a company cloud account can offer a hacker a treasure trove of information that can be monetized. Compromised login credentials have jumped to the number one cause of data breaches globally.
A new tactic that cybercriminals have been using is to offer employees money if they will hand over their login credentials. The goal is to find even one disgruntled staff member who will be willing to take the bait.
If a hacker does even a little research on sites like LinkedIn and Facebook, it’s not too hard for them to find employees complaining about their work and reach out to them via direct message.
Increased Use of Breach Access Specialists
Initial access brokers are being used increasingly by criminal organizations as a way to optimize their phishing efforts. These brokers specialize in that first breach into a network and from there hand over the “keys to the kingdom” to the criminal group that hired them.
This makes phishing attacks even more dangerous because they are often being perpetrated by those who have honed their craft and continue to evolve practices to get past new safeguards.
Small Businesses Being Targeted with Spear Phishing
Spear phishing is a step up from sending a generic phishing email to everyone. It involves doing some research on a company and its staff to craft a more targeted campaign with a much better chance of succeeding and fooling someone into clicking a malicious link.
For example, spear phishing could involve looking up a company on LinkedIn to see who a manager is and who the other employees in the same department are. Then, the attacker knows who to impersonate when sending an email to employees directing them to do something.
Spear phishing used to be directed at larger organizations but is now increasingly being used to attack small businesses as well.
Monetization of Business Email Compromise (BEC)
When a hacker compromises someone’s business email account, the hacker can then send very believable phishing messages to staff asking them to do things like purchase gift cards and send the numbers back in a reply.
Staff members are likely to be fooled because the email is coming from within their organization from a person they recognize.
Using BEC as a money-making scam is becoming more prevalent, so you should warn your staff to be cautious of any email asking for gift cards to be purchased or making any other unexpected request, even if it’s from an email address they recognize. It’s best to reach out to the person directly to see if they really did send the message.
Text Messaging Being Used More for Phishing
Over the last few years, SMS has been becoming the new form of email. We now get text reminders from the dentist’s office, texts about the shipping status of a package, and SMS messages about sales at retailers we frequent.
Scammers are taking advantage of this and are now using SMS more for phishing. It’s easy to send a shortened URL that leads to a malicious site without the user recognizing it. People don’t usually know the numbers that Amazon or another service uses to send them text messages, so it’s easy for message recipients to be fooled by a fake that’s pretending to be from one of those retailers.
You should be wary of any unexpected text message and ensure you use DNS filtering and mobile anti-malware on your device to help block any potential threats that may result from clicking on a phishing text.
Get a Cybersecurity Audit to Reduce Your Risk of a Breach
How secure is your network against the newest forms of phishing? Pro Tech Guy can help your Framingham or Natick company with a cybersecurity audit to identify and address any weaknesses.
Contact us today to learn more. Call 508-364-8189 or reach us online.