Perhaps because it targets what most cybersecurity professionals agree to be the weakest link in the cybersecurity chain—the human element—phishing continues to be one of the biggest threats organizations face today.
Last year, a survey of 1,000 IT professionals conducted by automation company Ivanti revealed that 74% of organizations had fallen prey to phishing, with most respondents saying the volume and sophistication of phishing attempts had increased.
74% of organizations had fallen prey to phishing with the volume and sophistication of attempts had increased.
To avoid falling prey to phishing attacks in 2022, organizations should familiarize their employees with the top phishing themes and trends so they can better recognize and avoid them.
5 Phishing Themes to Be On the Lookout For
1. Pandemic-Related Phishing Isn’t Going Away
When COVID-19 was declared a pandemic by the World Health Organization in March 2020, phishers instantly recognized the opportunity created by global fear and uncertainty.
The same month, Barracuda Sentinel researchers recorded 9,116 spear-phishing attacks related to COVID-19, an increase of 667% compared with February 2020.
Even though it has now been two years since the original outbreak, COVID-19 still continues to dictate the pace of life in many countries around the world, and COVID-19-related spear-phishing attacks continue to target people with malicious government documents, fake vaccination forms, and other scams.
2. Social Media Sites Are Being Used for Phishing
As organizations across most sectors keep expanding their social media presence, attackers are finding ways to use social media sites for phishing attacks. For example, attackers have been caught impersonating trusted brands like Microsoft and Google to target carefully selected employees with spear-phishing messages that seem to come from a real brand representative.
To prevent social media phishing attacks from turning into a major problem, it’s important to realize that the more friendly and informal nature of sites like Facebook and Twitter compared with email doesn’t automatically mean that all of their users have good intentions.
3. Phishers Are Learning to Create Convincing Deepfakes
The recent advances in artificial intelligence and machine learning have made it possible to create synthetic media based on existing material. Unfortunately, not all applications of this technology are as amusing as memes with face-swapped actors.
A bank manager in Hong Kong learned the hard way just how convincing deepfakes can be when he received a call in 2020 from who he believed to be a familiar company director. At the time, the bank manager had no idea that the man requesting the authorization of a $35 million bank transfer is actually a fraudster who had cloned the director’s speech using AI.
4. Business Email Compromise Attacks Take Spear-Phishing to the Next Level
Business email compromise (BEC) is a sophisticated spear-phishing attack that’s especially difficult to recognize in time because it involves a hacked, spoof, or impersonated business email address. Pretending to be the real owner of the email address, phishers then send carefully crafted wire transfer requests, hoping they would be approved without a question.
Depending on how the target is, a BEC attack may take weeks and even months of reconnaissance on social media and the web in general to understand who individual employees are, what their responsibilities are, and how they communicate with one another.
5. Phishing as a Stepping Stone to Ransomware
The purpose of phishing is to trick the victim into disclosing sensitive information or doing something that’s against their best interest. Increasingly often, the ultimate goal of phishers is to trick employees into infecting their work devices with ransomware, a type of malware that encrypts data on a device and then demands a hefty ransom payment for its decryption.
In 2021, ransomware cybersecurity solutions provider SonicWall detected 304.7 million attempted ransomware attacks, more than ever before. This worrying trend will likely continue for as long as employees keep falling for phishing attacks.
Let Us Help You Fight Back Against Cyberattacks!
Reliable phishing protection requires a multi-pronged approach encompassing everything from cybersecurity awareness training to network monitoring to endpoint security and more.
We at TechGen can help you implement these and other cybersecurity essentials so that you can successfully fight back against phishing attacks this year and beyond. Contact us to get started.