In 2020, a staggering 75% of businesses globally were victims of phishing attacks. Phishing continues to be a significant threat to the health and security of businesses as it serves as a primary vector for various types of cyberattacks. A single phishing email can lead to a company falling prey to ransomware, resulting in expensive downtime, or it might cause an employee to inadvertently surrender login details for a corporate email account, which the attacker could use to launch targeted assaults on customers. Phishing capitalizes on human error, employing advanced tactics to trick recipients into sharing sensitive information or introducing malware into their systems.
There was a 161% surge in mobile phishing threats during 2021. To combat the relentless wave of phishing attacks, businesses should implement robust defenses, such as:
- Email filtering
- DNS filtering
- Advanced antivirus/anti-malware solutions
- Regular cybersecurity awareness training for employees
Companies must keep their workforce educated and their IT security updated to counter emerging phishing threats. Below are some of the latest phishing trends to be vigilant about in 2022:
PHISHING VIA TEXT MESSAGES IS ESCALATING
Text messages are less likely to raise suspicion than unexpected emails. Most phishing training has historically focused on email, as it has been the most common method. However, cybercriminals are now exploiting the widespread availability of mobile phone numbers to conduct phishing attacks through text messaging, known as “smishing”, and these attacks are increasing in frequency. With the rise in text message usage for sales and delivery updates from retailers and service providers, smishing attacks can easily masquerade as legitimate shipment notifications, enticing users to click on malicious shortened URLs.
BUSINESS EMAIL COMPROMISE (BEC) IS ON THE RISE
Ransomware has been a growing concern due to its profitability for cybercriminals. A rising form of cyberattack, known as Business Email Compromise, is proving to be lucrative as well, and its prevalence is increasing. BEC attacks involve hackers gaining access to a business email account and sending convincing phishing messages to the company’s employees, customers, and vendors. The familiarity of the email address garners immediate trust, making these attacks particularly effective for cybercriminals.
SMALL BUSINESSES FACE INCREASED SPEAR PHISHING ATTACKS
No business is too small to escape the attention of hackers. Small businesses are often targeted because they usually have weaker IT security compared to larger firms. Data breaches targeting small and mid-sized businesses account for 43% of all incidents, with 40% of small businesses that fall victim to an attack suffering at least eight hours of downtime. Spear phishing, a more targeted and personalized form of phishing, is becoming more common against small businesses, making it challenging for their employees to recognize these scams.
INITIAL ACCESS BROKERS ENHANCE ATTACK EFFICACY
Large criminal groups are continuously refining their cyberattacks to increase profitability. They are incorporating the expertise of Initial Access Brokers, specialized hackers who focus solely on gaining initial entry into a network or company account. The involvement of these specialists makes phishing attacks even more sophisticated and harder to detect.
INCREASE IN BUSINESS IMPERSONATION
As individuals become more cautious about emails from unknown sources, attackers are turning to business impersonation tactics. These phishing emails appear to be from legitimate, often well-known companies that the recipient may recognize or have dealings with. Large brands such as Amazon are common impersonation targets, though smaller businesses are not exempt. For instance, cybercriminals have accessed client lists from website hosting companies and sent out fraudulent emails posing as the hosting provider, prompting users to log in to address an urgent issue. This trend means that users must be wary of all emails, not just those from unfamiliar senders.
IS YOUR BUSINESS WELL-PROTECTED AGAINST PHISHING?
It is crucial for businesses to adopt a multi-layered defense strategy against phishing, one of the most significant threats to their stability. Initiating a cybersecurity audit to assess the current security measures and identify areas for improvement is a recommended starting point.
Article used with permission from The Technology Press.