What Are the Biggest Phishing Trends Today?
According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way cyber criminals gained access to an organization. They do this to launch an even larger attack, such as ransomware. The Index found that phishing was used to launch 41% of attacks that X-Force remediated between 2021 and 2021. This is 33% more than 2021.
Threat actors are increasing their phishing attacks because it only takes one employee's mistake to cause serious business and reputation damage. Cybersecurity professionals must keep up to date with new phishing trends so that they can use the correct technology to prevent attacks. They must also train employees to spot and prevent attacks.
These are the five phishing trends your company is most likely to observe in 2022:
Voice Phishing
Most people view spam calls as annoying. Vishing, or voice phishing, is on the rise. Cybersecurity training emphasizes not clicking on links. Many users don’t realize that a spam phone call could be the beginning of a cybersecurity attack. In a vishing call, a person pretends to be a representative of a legitimate organization such as the IRS, a bank, or another financial institution. They then ask the person answering to visit a website. The attacker then launches a cyber attack using the information from the website. The most common vishing scams are imposter scams (where the caller pretends to be someone else), debt relief scams and charity scams.
Vishing was so common in 2021 that the FBI even issued an alert. Proofpoint’s State of the Phish report revealed that 69% of the victims were organizations. This is 54% more than in 2020. The X-Force Index found that vishing attacks were three times more effective than a traditional phishing scheme. This is most concerning. Because the attack begins with the phone, it is difficult to stop it with cybersecurity software.
Your employees should be taught about vishing attacks and how to spot them. Employees don’t know this is a cybersecurity threat, and many vishing attacks succeed. Employees should be reminded that they shouldn’t visit any website provided to them by a call center. To help employees spot potential threats more accurately, keep them informed about current vishing scams.
Spear Phishing
You will likely recognize a phishing email if it claims to come from a bank you have never used. However, if an email appears to come from your own bank, it’s much easier to fall for the scam. The first case is general phishing. Spear phishing is the second type of attack, and it is targeted at particular people.
A 2021 FireEye study found that spear phishing recipients were 10x more likely to click the link than recipients of other phishing emails. It’s not surprising that spear phishing is on the rise. According to Proofpoint, 79% of spear phishing attacks were directed at organizations. This is an alarming increase of 66% compared to 2020.
According to the IBM Threat Index, large and trusted brands were most often copied by threat actors. An attacker might pretend to represent Apple, Google or Microsoft. These attacks can also be called spear phishing because most people do business with these companies in some way or another. Employees should be taught to pay attention to logos and verify email addresses. Many phishing attempts use emails that look official at first glance. On closer inspection, the sender address turns out to be phony, such as Apple99991@gmail.com. Multi-factor authentication can be used to reduce the risk of spear phishing attacks on employees who have access to sensitive information.
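The address check described above can also be automated in a mail filter. The following is an added example, not part of the original article: it flags a From header that names a large brand while the sending domain is not one of that brand's own. The `BRAND_DOMAINS` allow-list and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {
    "apple": {"apple.com", "icloud.com"},
    "google": {"google.com"},
    "microsoft": {"microsoft.com"},
}

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonated_brand(from_header):
    """Return the brand a From header names without using that brand's
    domain, or None if no mismatch is found."""
    display, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        return None
    # Split on anything that is not a letter, so "Apple99991" yields "apple"
    # while "pineapple" does not match the brand keyword.
    tokens = set(re.findall(r"[a-z]+", f"{display} {local} {domain}".lower()))
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in tokens and not domain_allowed(domain, allowed):
            return brand
    return None

# Constructed sample headers; only the first address is quoted in the article.
SAMPLES = [
    "Apple99991@gmail.com",
    '"Microsoft Account Team" <security@ms-alerts.example>',
    "billing@google.com.verify.example",
    "Apple <no-reply@email.apple.com>",
    "pineapple@farm.example",
]

def scan(headers):
    """Map each header to the impersonated brand (or None)."""
    return {h: impersonated_brand(h) for h in headers}

if __name__ == "__main__":
    for header, brand in scan(SAMPLES).items():
        print(f"{'FLAG ' + brand if brand else 'ok':<15} {header}")
```

A keyword check like this only catches exact brand tokens; run-together strings such as "appleid" pass through and still need user attention or a separate look-alike check.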
Smishing
Smishing is when threat actors target someone via SMS text message. This type of attack is more effective because many people don’t have security software installed on their phones, while their laptop might be protected from the same attack. Smishing is not something that many people are aware of. They may therefore be more susceptible to a smishing text than to a phishing email. Proofpoint discovered that 74% of organizations were subject to smishing attacks by 2021. This is 13% more than 2020.
During the pandemic, many people started using meal kits and food delivery. Cyber criminals started creating scams that mention these services. Other common schemes include giveaways and upcoming package deliveries.
Update your cybersecurity training to include smishing. Proofpoint discovered that only 26% of organizations include smishing in their cybersecurity training. It is important to inform employees about the types of legitimate SMS messages that they might receive from your company, so that they are familiar with what to expect from work systems. Keep employees informed about new text message scams.
Social Media Phishing Attacks
Social media is becoming a popular platform for phishing attacks. Proofpoint discovered that 74% were victims of social media phishing attacks. This is 13% more than in 2020. People are often suspicious of some social media phishing attempts, such as a stranger sending a private message that offers a link to click. Other schemes can be harder to spot. Many hackers take control of accounts and target the owner's friends with phishing attacks. Another scheme is to get people to answer social media questions. This information can be used to create social engineering accounts. Threat actors also create fake accounts for real companies to convince people to click on malicious links.
How to protect your organization
Social media phishing attacks will continue to be a major risk as more employees use personal devices to work remotely and in hybrid settings. Include a section on social media fraud in your cybersecurity training and keep your employees informed about new schemes. It is important that all personal devices employees use for work are updated with the most current patches and run approved cybersecurity technology.
As attackers become more inventive in their targeting and social engineering techniques, phishing will continue to be a major threat. You can keep your employees informed by staying current on the latest phishing techniques. Employees will be more suspicious if they know that the latest phishing trend is to impersonate a particular company or type of email.