Phishing is on the rise, and anyone who uses email, text messaging, and other types of communication is a possible victim.
These attacks, in which a cybercriminal sends a deceptive message designed to trick a user into providing sensitive information such as bank card numbers or into launching malware on the user’s system, can be extremely effective if done well.
Some of these attacks have become increasingly sophisticated, making them more dangerous, and more common. An October 2022 study by messaging security provider SlashNext analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over a six-month period, and found more than 255 million attacks. That is a 61% increase in the rate of phishing attacks compared with 2021.
The study revealed that cybercriminals are shifting their attacks to mobile and private communication channels to reach users. It showed a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
“What we have been seeing is a rise in the usage of voicemail and text as a part of two-pronged phishing and BEC [business email compromise] campaigns,” said Jess Burn, senior analyst at Forrester Research. “The attackers leave a voicemail or send a text concerning the email they sent, either lending credibility to the sender or increasing the urgency of the request.”
The firm is receiving plenty of inquiries from clients about BEC attacks in general, Burn said. “With geopolitical strife disrupting ransomware gang activity and cryptocurrency — the popular approach to ransom payment — imploding as of late, bad actors are going back to old-fashioned fraud to make cash,” he said. “So BEC is on the rise.”
Criminals using phishing attacks based on tax season, shopping deals
One of the iterations of phishing that people need to be aware of is spearphishing, a more targeted type of phishing that usually uses topical lures.
“While it just isn’t a new tactic, the topics and themes might evolve with world and even seasonal events,” said Luke McNamara, principal analyst at cyber security consulting firm Mandiant Consulting. “For instance, as we’re in the vacation season, we will expect to see more phishing lures related to shopping deals. During regional tax seasons, threat actors might similarly try to use users within the technique of filing their taxes with phishing emails that contain tax themes in the topic line.”
Phishing themes can also be generic, such as an email that appears to be from a technology vendor about resetting an account, McNamara said. “More prolific criminal campaigns might leverage less specific themes, and conversely more targeted campaigns by threat actors involved in activity like cyber espionage might utilize more specific phishing lures,” he said.
What people should do to ward off phishing attempts
Individuals can take steps to better defend themselves against phishing attacks.
One is to be vigilant when giving out personal information, whether it’s to an individual or on a website.
“Phishing is a type of social engineering,” Burn said. “That signifies that phishers use psychology to persuade their victims to take an action they could not normally take. Most individuals wish to be helpful and do what someone in authority tells them to do. Phishers know this, in order that they prey upon those instincts and ask the victim to assist with an issue or do something immediately.”
If an email from a particular sender is unexpected, if it’s asking someone to do something urgently, or if it’s asking for information or financial details not normally provided, take a step back and look closely at the sender, Burn said.
“If the sender looks legitimate but something still seems off, don’t open any attachments and mouse or hover over any hyperlinks within the body of the e-mail and have a look at the URL the link points to,” Burn said. “If it doesn’t seem to be a legitimate destination, don’t click on it.”
If a suspicious-looking message comes in from a known source, reach out to the person or company via a separate channel and ask whether they sent the message, Burn said. “You may save yourself plenty of trouble and you will alert the person or company to the phishing scam if the e-mail didn’t originate from them,” he said.
It’s a good idea to stay up to date on the newest phishing techniques. “Cyber criminals continually evolve their methods, so individuals have to be on alert,” said Emily Mossburg, global cyber leader at Deloitte. “Phishers prey on human error.”
Another good practice is to use anti-phishing software and other cyber security tools as protection against potential attacks and to keep personal and work data secure. This includes automated behavior analytics tools to detect and mitigate potential risk indicators. “Using these tools amongst employees has increased significantly,” Mossburg said.
Another technology, multi-factor authentication, “can provide top-of-the-line layers of security to secure your emails,” McNamara said. “It provides one other layer of defense should a threat actor successfully compromise your credentials.”