Phishing remains a constant threat for companies of any size. It’s the main method of attack delivery because it’s so effective. Unsuspecting users can be tricked in multiple ways into clicking a dangerous link or opening a malicious file attachment, and tactics continue to evolve.
As soon as you train employees on the latest phishing tactics as part of your overall network security strategy, new types of attacks are being developed and launched.
Just like business owners, large underground criminal groups are always working to optimize what they do. This has led to attacks that can be carried out in less time and to the rise of service models like Ransomware as a Service, which democratizes attacks so anyone can launch them.
These are two of the factors causing phishing to surge. In both May and June of 2021, phishing attack volume increased by over 280% each month.
What types of attacks should you be looking out for in 2022? We have a rundown below of the trends you’ll need to prepare for in the coming year.
Unhappy Employees Are Being Offered Cash for Login Credentials
If you have any problems with employees at your company, a hacker might seek those people out and offer them money to hand over their login to a company account.
With the popularity of social media, it’s not that difficult for phishing scammers to search for hashtags that disgruntled employees might use, such as #HateMyJob. This new type of targeted attack seeks out employees who might be enticed into facilitating a data breach.
Small Businesses Are Experiencing More Targeted Phishing Attacks
Targeted phishing is the type that is directed at a specific company, rather than being generic. If you compared phishing to real fishing, a generic attack would use general bait to try to catch any type of fish that would take it. A targeted (or spear-phishing) attack would involve the fisherman picking out a specific type of bait that was liked by the type of fish that he wanted to catch. Thus, it would be more effective.
The same is true of spear-phishing versus generic phishing attacks. The hacker takes time to personalize the email used in the attack with details that are specific to the company and more likely to fool users.
This type of attack takes more time and effort and used to be seen mainly with larger companies, but now spear phishing is being used increasingly in attacks against small businesses.
Smishing is Growing Rapidly
Smishing is phishing via SMS. People are using text messaging as an email alternative and now get many communications from retailers and service providers via SMS rather than email.
Hackers are taking advantage of this and the fact that many users aren’t yet expecting to see phishing via text. They’re sending smishing messages that masquerade as shipping notices and other common texts that people receive.
Business Email Compromise (BEC) Is Beginning to Surpass Ransomware
Business email compromise is rising on the list of hackers’ most lucrative attacks. Ransomware has grown so rapidly due in part to the fact that it is a big money-maker for criminal groups.
BEC is now being used to launch gift card and other scams. Basically, the hacker manages to gain access to an employee’s business email account. This allows them to send very convincing phishing emails that ask other employees in the same company to purchase gift cards or provide banking details for payroll, etc.
Employees are often fooled because they know the person’s email address and recognize it as legitimate. This type of scam is becoming very lucrative and beginning to surpass even ransomware.
Specialists Are Being Brought in for the Initial Account Breach
Initial Access Brokers are specialists in the cybercrime world who work only on getting that initial breach into a network or company account. These outside contractors are being employed more often in cyberattacks by large criminal groups to increase efficiency.
Because they focus only on this particular area of an attack, they become quite good at it, which makes phishing even more dangerous.
Brand Impersonation Is Growing
It’s getting very difficult to tell a fake email from a real one because of brand impersonation. Phishing attacks will often copy a real email from a legitimate company, change a few links and then send it out from a spoofed address that users might think looks legitimate.
For example, the email below that looks like it’s from Bank of America is actually a very clever phishing scam using brand impersonation. When looking up the email address online, there are numerous reports of it being fake.
Brand impersonation is being used increasingly in phishing attacks because it is often an effective way to fool users into clicking a link to a malicious site.
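The two tells described above (a sender address outside the brand's real domain, and links that were swapped out) can be checked automatically at the mail gateway. This is an added example, not part of the original article; the `BRAND_DOMAINS` allowlist, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the defender maintains brand name -> domains that brand really sends from.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}

def _under(host, domains):
    """True only for an exact domain or a true subdomain, never a look-alike prefix."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def impersonation_findings(raw):
    """Return reasons a message that uses a known brand name looks spoofed."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2]
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in (display + " " + body).lower():
            continue  # the message does not claim to be this brand
        if not _under(sender_host, domains):
            findings.append(f"sender domain {sender_host} is not a {brand} domain")
        for href in re.findall(r'href="([^"]+)"', body, flags=re.I):
            host = urlparse(href).hostname
            if host and not _under(host, domains):
                findings.append(f"link points to {host}, not a {brand} domain")
    return findings

# Constructed sample: the visible link text shows the real site, the href does not.
SPOOFED = (
    'From: "Bank of America" <alerts@bankofamerica-alerts.example>\n'
    "Subject: Unusual sign-in activity\n"
    "Content-Type: text/html\n\n"
    '<p>Review your account at '
    '<a href="https://bankofamerica.com.verify.example/signin">www.bankofamerica.com</a></p>\n'
)
# Constructed sample: sender subdomain and link both sit under the allowlisted domain.
LEGIT = (
    'From: "Bank of America" <alerts@ealerts.bankofamerica.com>\n'
    "Subject: Your statement is ready\n"
    "Content-Type: text/html\n\n"
    '<p><a href="https://www.bankofamerica.com/statements">View statement</a></p>\n'
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, impersonation_findings(raw))
```

The suffix check matters: a host such as `bankofamerica.com.verify.example` starts with the real domain but belongs to someone else, so a plain substring match would let it through.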
Does Your Company Have Enough Protection Against Phishing?
Don’t leave your company exposed in 2022. B-Comp Services can help your Denver-area business with an IT security audit that identifies any areas of risk and provides solutions.
Contact us today for a consultation. Call at 303-282-4934 or contact us online.