Alarming Phishing Attacks to be Aware of in 2022
In 2020, 75% of companies worldwide were affected by a phishing attack. Phishing remains one of the biggest threats to the health and well-being of your business, as it is the primary delivery method for all types of cyberattacks.
A single phishing email can be responsible for a company being hit by ransomware and facing costly downtime. It can also cause a user to unknowingly share company email account credentials, which the hacker then uses to target customers.
Phishing exploits human error, and some phishing emails use sophisticated tactics to trick the recipient into giving up information or infecting a network with malware.
Mobile phishing threats increased by 161% in 2021.
The best protections against the constant phishing attacks are:
To properly train your employees and ensure your IT security is updated to the latest threats, you need to know what new phishing threats are coming your way.
Here are some of the latest phishing trends to watch out for in 2022.
Fewer people are suspicious of text messages than they are of unexpected email messages. Most phishing training tends to focus on the email form of phishing because it has always been the most prevalent.
But cybercriminals are now taking advantage of the easy availability of cell phone numbers and using text messages for phishing attacks. This type of phishing (also called "smishing") is on the rise.
People are receiving more text messages today than in the past, in large part because retailers and service providers now send sales and delivery announcements by text.
This makes it even easier for an SMS phishing message to pose as a shipping notification and get the user to click on a shortened URL.
Ransomware has been a growing threat in recent years, largely because it is a major source of revenue for the criminal groups that launch cyberattacks. A new, emerging form of attack is starting to be quite lucrative and is therefore also on the rise.
Business email compromise (BEC) is on the rise and is being exploited by attackers to make money from things like gift card fraud and bogus wire transfer requests.
What makes BEC so dangerous (and lucrative) is the fact that a criminal who gains access to a business email account can send very convincing phishing messages to the company's employees, customers and suppliers. Recipients will immediately trust the familiar email address, making these emails powerful weapons for cybercriminals.
No business is too small to be targeted by a hacker. Small businesses are often the target of cyberattacks because they have less IT security than larger companies.
43% of all data breaches target small and medium businesses, and 40% of small businesses that fall victim to an attack experience at least eight hours of downtime.
Spear phishing is an even more dangerous form of phishing, as it is targeted and not commonly used. It is the type of attack that is carried out using BEC.
In the past, spear phishing was mainly used for larger companies, as it takes more time to prepare a targeted and tailored attack. However, as large criminal groups and state-sponsored hackers make their attacks more efficient, they can more easily access anyone.
This results in small businesses receiving more tailored phishing attacks that are harder for their users to recognize as fraud.
We just discussed that large criminal groups are constantly tweaking their attacks to make them even more effective. They treat cyberattacks like a business and are constantly working to make them even more profitable.
One way they do this is by using external specialists called initial access brokers. These are specific types of hackers who focus only on gaining initial access to a network or corporate account.
The increasing use of these experts in their field makes phishing attacks even more dangerous and difficult for users to detect.
As users become warier of emails from unknown senders, phishing attackers are increasingly impersonating businesses. In this case, a phishing email looks like a legitimate email from a company that the user may know or even do business with.
Amazon is a frequent target of corporate impersonators, but smaller companies are also affected. For example, there have been cases where the customer lists of website hosting companies have been breached and the customers on those lists were sent emails impersonating the hosting company and asking users to log into an account to fix an urgent problem.
Since phishing attacks increasingly use corporate identities, users need to be suspicious of all emails, not just those from unknown senders.
It’s important to use a multi-layered strategy when it comes to defending against one of the biggest dangers to your business's well-being. Get started with a cybersecurity audit from Onyx IT to review your current security posture and identify ways to improve.
Article used with permission from The Technology Press.