cyano66 | iStock | beautiful pictures
Phishing is on the rise and anyone using email, text messages, and other forms of communication is a potential victim.
These attacks, in which the cybercriminal sends a phishing message designed to trick the user into providing sensitive information such as a credit card number, or launch malware on the user’s system, can be extremely effective if done well.
These types of attacks are becoming more sophisticated — making them more dangerous — and more common. An October 2022 study by messaging security service provider SlashNext analyzed billions of URLs based on links, attachments, and natural language messages in email channels, mobile devices. and browsers over a six-month period and detected more than 255 million attacks. That’s a 61% increase in the rate of phishing attacks compared to 2021.
Research reveals that cybercriminals are shifting their attacks to personal and mobile communication channels to reach users. It showed a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the payload list.
“What we’ve seen is an increase in the use of voice and text mail as part of two-way phishing and BEC [business email compromise] Jess Burn, senior analyst at Forrester Research said. “Attackers leave voicemails or text messages about the email they sent, either creating credibility for the sender or increasing the urgency of the request.”
The company is getting a lot of questions from customers about BEC attacks in general, Burn said. “With the geopolitical conflict disrupting ransomware gangs and cryptocurrency – the preferred method of ransom payment – exploding towards the end of the year, the bad guys are returning to old-fashioned scams,” he said. to earn money”. “So the BEC is on the upswing.”
Criminals use phishing attacks based on tax season, shopping transactions
One of the repeated forms of scams that people need to be aware of is online scams, a more targeted form of scam that often uses spot-on decoys.
“While this is not a new tactic, themes and themes can evolve with world events,” said Luke McNamara, principal analyst at cybersecurity consulting firm Mandiant Consulting. or even seasonal”. “For example, when we are in the holiday season, we can expect to see more scams involving shopping deals. During regional tax season, threat actors may try to exploit similar user in the tax filing process with a phishing email containing a tax subject in the subject line.”
McNamara said phishing topics can also be generic, such as an email that appears to be from a technology provider about an account reset. “Richer crime campaigns can take advantage of less specific themes and, conversely, campaigns are more targeted by threat actors engaged in activity such as espionage,” he said. The network may use more specific phishing lures.”
What people should do to avoid phishing attempts
Individuals can take steps to better protect themselves against phishing attacks.
One is to be wary of giving out personal information, whether it’s to a person or on a website.
“Scams are a form of social engineering,” Burns said. “That means scammers use psychology to convince their victims to do something they wouldn’t normally do. Most people want to help and do what the authority says. the right to tell them to. Scammers know this, so they take advantage of those instincts and ask to help the victim solve the problem or do something right away.”
If an email isn’t expected from a particular sender, if it’s asking someone to do something urgent, or if it’s asking for information or financial details not normally provided, take a step back and see careful sender, Burn said.
“If the sender appears legit but something still goes wrong, don’t open any attachments and hover or hover over any hyperlinks in the body of the email and see the URL that the link says. point to,” Burn said. “If it doesn’t look like a legitimate destination, don’t click on it.”
If a suspicious message comes from a known source, contact the person or company through a separate channel and ask if they sent the message, Burns said. “You’ll avoid a lot of trouble, and you’ll alert the person or company to phishing if the email doesn’t originate from them,” he says.
You should stay up to date with the latest phishing techniques. “Cybercriminals are constantly evolving their methods, so individuals need to be vigilant,” said Emily Mossburg, global cyber leader at Deloitte. “Scammers take advantage of human error.”
Another good practice is to use anti-phishing software and other cybersecurity tools to protect against potential attacks and keep personal and work data safe. This includes automated behavioral analysis tools to detect and mitigate potential indicators of risk. “The use of these tools among employees has increased dramatically,” says Mossburg.
Another technology, multi-factor authentication, “can provide one of the best layers of security for your email security,” says McNamara. “It provides another layer of defense if a threat actor successfully compromises your credentials.”
