5 Dangerous New Phishing Trends You Need to Be Prepared For

5 Dangerous New Phishing Trends You Need to Be Prepared For

If your business isn’t continually optimizing your IT security strategy to match new phishing attack trends, you can easily fall victim to a sophisticated attack. 

Just as our cloud services and computer operating systems continue taking advantage of advances like AI and automation, criminal groups that run phishing campaigns are doing the same.

Phishing volume keeps increasing due to these optimizations. These state-sponsored hacking organizations and underground online crime syndicates treat phishing and malware attacks as a business, continually enhancing efficiency and ROI.

In May of 2021, phishing attack volume jumped 281%, and in June it increased another 284% on top of that. 

To ensure your company is protected and your employees know what to be on the lookout for, you’ll want to review the list below of the newest phishing trends that you’ll see in 2022.

Phishing Via SMS Is Increasing

Just think about how many text messages you received four or five years ago and compare that to today. 

You likely saw texts mostly from individuals you work with or that you know in your personal life several years back. But now you may get an SMS from Amazon with a tracking update or from your pharmacy for a prescription refill. 

Text messaging is replacing email, and mobile phone numbers are no longer as private as they used to be. This has led to the rise in phishing by text message (aka Smishing). Often these messages masquerade as shipment notifications prompting a user to update delivery details or messages from utility companies or retailers.

Scammers Are Looking for Disgruntled Employees to Bribe for Credentials

The business cloud is like a treasure chest for cybercriminals. They can access files, personal information on customers, emails and the ability to send emails, security settings, and more just by breaching a user’s account.

This has led to a new trend, which is for scammers to look for disgruntled employees to offer them cash for their credentials.

Using a search term on social media like “#hatemyjob” can easily bring up unhappy targets, which criminals can then research. If they work for a company of any size, then that’s a prime target to reach out to.

Someone that is unhappy where they work might be willing to hand over their Google Workspace or M365 password for a little cash.

Business Email Compromise Is Increasing

As we noted above, once a cloud account is breached, a hacker has access to multiple tools to use in an attack. One of the most lucrative is a business email account.

Business email compromise (BEC) has been increasing because of its effectiveness. If employees receive an email from someone in the company they know and see that it is sent from their legitimate email address, they’ll likely default to believing it, even if it has a slightly unusual request.

BEC is being used largely to perpetrate gift card scams. This is where the sender requests that employees purchase gift cards either for customer or staff gifts, promising reimbursement. The scammer takes the gift card numbers and then can sell those on the Dark Web.

Impersonation Of Companies (Even Smaller Ones) Is Becoming a Bigger Problem

As phishing attackers hone their attacks to be more effective, they try to find ways to gain the trust of the recipient. This is often done by impersonating another company, like Amazon or Netflix.

However, it’s not only large companies that these scammers are impersonating. They often target smaller companies and look for vendors they may use, such as the company that hosts their website or a raw material supplier.

They impersonate these companies in a targeted spear-phishing attack. Employees are often fooled because they’re not expecting a vendor that they do business with to be spoofed.

This element of reality, in that users may already receive regular emails from that vendor, makes the fake all the more believable.

Spear Phishing of Small Businesses Has Increased

The example above with the impersonation of a vendor that a small company may work with is an example of spear phishing. This is when attackers make the extra effort to do some research on a company so they can send more believable attacks.

This used to be preserved for larger enterprise victims, but now spear phishing is being used increasingly on smaller businesses because it’s so much more effective than sending generic phishing messages.

Employees need to be extra cautious and not just automatically accept a message as real if it’s from a familiar source.

Get Help Preparing Your IT Security for 2022 Attacks

Quantum PC Services can help your Sturgeon Bay business review your current cybersecurity strategy and make any adjustments needed to fortify it against new forms of attack. 

Contact us today to learn more! Call 920-256-1214 or reach us online.