Phishing attacks are not something that has come up recently. Such attacks have been around since the mid 90s, however, overtime, they have become more sophisticated.
To make things worse, did you know that 32% of confirmed data breaches involved phishing? (Verizon 2019 Data Breach Investigations Report) And 57% of the organizations report having experienced mobile phishing attacks! (Wandera’s 2020 Mobile Threat Landscape Report).
Before moving on to the latest trends in phishing, let us define it.
What is Phishing?
Phishing is one of the easiest and most common types of cyber attacks used by criminals and among the easiest to fall for as well. It is often used to steal user data such as login credentials, credit card numbers, and other personal information. The attacker, masquerading as a trusted entity, tricks a person into clicking on a link, opening a mail, or a WhatsApp message. Some links might be shortened which causes a challenge to know their legitimacy.
When the recipient clicks on the link, it may cause malware installation, hold your system hostage (ransomware attack), or reveal sensitive information caused by a vulnerability in the system.
Now that you know what phishing is, let us learn more about the latest phishing trends and ways to protect ourselves from them.
What is Spear Phishing?
Not all phishing attacks are based on ‘spray and pray’/random techniques where a long list of unknown recipients are targeted. Some cyber criminals rely on a more targeted and personal touch to attack their victims. In spear phishing, the attacker sends emails with the victim’s name, position, number, or other personal information.
The victim is tricked into clicking the URL or downloading the attachment and handing over their data. With the amount of personalization in crafting these attacks, it is no surprise that spear phishing is commonplace on various social media platforms like LinkedIn and Twitter.
How to avoid it?
To guard against spear phishing, organizations must conduct security awareness sessions and discourage their employees from putting sensitive or corporate information on social media.
In addition to that, companies must also invest in solutions that analyze inbound emails for certain known malicious links and email attachments. This measure is capable of picking up on indicators for both known malware as well as zero-day threats.
Also, organizations can invest in phishing simulation solutions to train employees on the best practices and show them first-hand what might happen when a phishing attack is performed.
What is Whaling?
A whaling attack, also known as whaling phishing, targets high-profile employees, such as the CEO or CFO of a company to get sensitive information. The attacker manipulates the victim into authorizing high-value wire transfers to the cyber criminal, thus conducting the attack.
Do you know why it is called whaling? It is termed coined due to the size of the attacks, and the whales are thought to be picked from a company as per their position or authority.
How to avoid it?
To avoid whaling attacks, check cautiously for suspicious email addresses and names. Review all the URLs you get in your inbox and see if anything is suspicious before clicking! It will greatly reduce your chances of being targeted by attackers. Also, try to prioritize raising cybersecurity awareness level in your organization.
Also, following the current procedures for all financial transfers done within your organization. You must also check other important transactions, for instance, forwarding sensitive information to other people outside your organization.
Smishing and WhatsApp Phishing
What is Smishing and WhatsApp Phishing?
Smishing (SMS Phishing) and WhatsApp Phishing is a cyber-attack that can harm you to great extents. Smishing uses a misleading text message to trick victims into falling into the trap. The attacker makes you believe that a trusted person or organization sends the message and then convinces you to take action that gives the attacker the desired information (for instance, the bank account login credentials).
We can say that it is a text-message based version of the email-based phishing scams. But they are trickier because people are less cautious for suspicious messages on their smartphones.
How to avoid it?
To avoid Smishing and WhatsApp Phishing, avoid clicking on any links you receive from unknown numbers. Do not reply to text messages asking about your finances. If you get an SMS saying, ” Dear user, congratulations, you have won….”, don’t fall into the trap. Also, check if the SMS is sent at an unusual time and check who sent it as the attacker might disguise themselves as your bank to trick you into performing certain tasks and providing them with your personal or sensitive information.
There are many different types of Phishing that cyber criminals perform to reach your private information, the most effective method for organizations and individuals to avoid falling victims to these scams is to raise their awareness about these types of attacks on a regular basis as attackers get more advanced with their methods as time goes by,
Think before you click!
Share this article:
When the word hacker or hacking is mentioned, a universal definition pops into mind. A hacker is known to be a cybercriminal who inflicts chaos on their victims by breaching, stealing, or damaging online systems and data. This is just one part of what the word hacking withholds. And contrary to popular belief, hacking is a broad and diversified category that is misunderstood. The dependency on storing data electronically, as computers have taken over a large part of our life, results in the increased risk of data theft and becoming suspectable to hacking accidents. So, learning more about the ...5th Jun 2022
With Digital Transformation, remote work acceptance and e-services becoming ubiquitous, Businesses’ and organizations – of all sizes – main concern is to keep its Information Technology (IT) up and running around the clock. This requires its various ingredients such as database and servers to be secure. This means they are always on the lookout for ways to achieve the most efficient way to be safe and secure. Typically, organizations follow basic protocols and use passwords to control and protect their digital assets from unauthorized access, however, statistics reveal that globally %58 of CISOs agree that human error is the number ...3rd Apr 2022
Organizations tend to only focus on setting cyber security measures for potential threats and intrusions made by external circumstances. Unfortunately, they undermine the possibilities of a trusted employee launching a cyber-attack against them. This negligence resulted in 34% of businesses being affected by an insider threat on a yearly basis. This cyber security risk does not only leave the organization vulnerable but is also viewed as an easy target for internal and external threats. Whoever has authorized access to sensitive data, either it being an employee or a partner (which sometimes referred to as Third-party risk), is considered trusted and ...3rd Mar 2022
Many businesses are constantly seeking ways to interact with and attract new customers. Their joint objective is to reach a wider audience. To do so, communication is key. There are many ways for businesses to communicate with their audience, either by email, social media, or adverts, but the most beneficial marketing method, that is often overlooked, is SMS (text messages). Currently, SMS is typically utilized for personal communication, but it has proved to be an important marketing method that helps boost businesses in today’s mobile-centered society. In 2021, up to 3.8 billion people own smartphones and 60% of them read ...1st Feb 2022
A shared scenario between many is being in public with a dying mobile device, franticly looking for a charger. When coincidently you find a free charging station calling out your name. You find a solution, but have you ever thought about the risks of using these public charging stations? The accessibility of these public USB charging stations is convenient but connecting your device to one can put you in a vulnerable position. With just plugging in your smartphone or laptop, you’re potentially opening up an opportunity for a threat actor to steal data or install malware all without your knowledge. This is known as Juice Jacking. Unfortunately, many are unaware ...2nd Jan 2022
Have you ever received an email wondering if it is legitimate or not, but then decide to click on it because the advertisement or the urgent warning catches your eye? Well, many have been in that situation with some consequently becoming victims to a phishing trap. Around 96% of phishing attempts are deployed via email and 74% of organizations suffered from a successful phishing attack (Proofpoint state of the Phish report 2021). These numbers will continue to rise if we don’t educate ourselves on phishing emails. Over time, cybercriminals are becoming more sophisticated and are in constant search of new ways to seamlessly trick their victims. Sometimes, even the ...12th Dec 2021
With mobile phones becoming an integral part of our daily life and with many shifting from desktops to mobile devices as their main way of computing, cybercriminals are following along. Unfortunately, the threats posed by mobile malware are evolving and becoming more sophisticated than ever, making them one of the rising cyber threats at this time. Cybercriminals are in constant search of sensitive data, and when such data is detected on a device, they will try their best to gain access through the device’s security flaws. Unfortunately, many do not educate themselves about the risks of having unsecure mobile devices ...2nd Nov 2021
With the increasing number of people moving from rural to urban areas, Smart cities have become the main attraction for many. The concept of Smart cities began between 1960 and 1970, but countries started prioritizing this idea in 2010. Yokohama, Japan, was the first city to be designated as a smart city demonstrator in 2010, two years later, Barcelona introduced data-driven urban services, such as public transportation, waste management, and street lighting, Cities are becoming more technologically empowered, and in order to capture opportunities and generate long-term success, they must become smarter. Unfortunately, cities that take this step neglect an ...3rd Oct 2021
With technology evolving day by day, new developments are being made to align with today’s fast-paced society and especially with remote work culture where we don’t meet people as often as we used to. Any business or organization must take this into consideration to keep up with the current trends. One of the notable evolvements that occurred is the means of communication. The way we communicate with one another changes as technology evolves. Calls, formerly, were the most common way for businesses to communicate with their customers, however, it has been revealed that 87% of the 97% of customers who reject calls from businesses, ...1st Sep 2021
The healthcare industry is known for being one of the primary targets for cybercriminals, and by 2020 it was ranked as the seventh most attacked sector. Unfortunately, hospitals, clinics, and medical laboratories have experienced a rise in these attacks in the last two years. And with the recent pandemic, cybercriminals took advantage of this event and launched many of their destructive plans. These attacks are mainly motivated by financial gain. They either sell the stolen data or request ransom money from their victims to enable them back access to their data. For instance, at the end of 2020, a major ...1st Aug 2021