We take security seriously at Hosting Australia and like to stay on top of the most common security issues, so the most common way for cyber criminals to gain access to an organisation was through phishing, according to the 2022 X-Force Threat Intelligence Index. They typically do so in advance of a much larger attack, such as ransomware. According to the Index, phishing was used in 41% of X-Force-remediated attacks in 2021. This represents a 33% increase over 2021.
With global ransomware attacks on businesses up 32% year on year and individuals up 38%, businesses that fail to use security tools like two-factor authentication or properly configure their VPNs may be especially vulnerable. In contrast to previous scattershot approaches, cybercriminals are making a concerted effort to go after larger, more valuable targets by employing advanced techniques such as deepfaking audio from employees, managers, and executives. Trending cybercrime includes impersonating parcel delivery services to obtain personal information, sextortion scams that prey on the target’s guilt and social standing, and the ever-popular tech support scams. Many of these techniques, however, effectively boil down to an ever-evolving family of hacking strategies known as phishing.
Phishing, like the outdoor sport after which it is named, refers to a set of activities in which a scam artist attempts to trick you into disclosing sensitive personal information through various forms of deception. Once obtained, the scammer will use or sell your information to enrich themselves or to supplement more sophisticated scamming strategies.
One of the primary reasons threat actors are ramping up phishing attacks is that it only takes one person to make a split-second mistake to cause significant business and reputational damage. Cybersecurity professionals must constantly stay on top of new phishing trends. They can then use the appropriate technology to help prevent the appropriate types of attacks. Most importantly, they must concentrate on training employees to detect and prevent attacks.
Here are five phishing trends to expect in your organisation in 2022:
Phishing
Phishing scams frequently target large groups because at least one member will be duped into putting themselves on the “hook.” Rather than focusing on a specific target, basic phishing casts a wide nett by employing tools such as emails with malicious attachments, social media messages, SMS, phone calls, and even the creation of fake websites for businesses and organisations.
When the potential victim opens the corrupted file or link, the scammer takes advantage of the opportunity to obtain personal or financial information, download malware onto their computer, steal their identity, and so on.
Spear Phishing
Similar to the previous phishing analogy, spear phishing necessitates a great deal of dedication and a laser-like focus on your target. Ideally, by the time your quarry realises what you’re up to, it’s far too late to react.
In contrast to the all-encompassing approach of generic phishing, spear phishing involves a highly realistic and well-crafted attempt to compromise the information security of specific individuals or organisations. Furthermore, because of the effort put in to appear as plausible and credible as possible, spear phishing scams can be difficult to detect and prevent.
Whaling
Whaling victims are usually people of enormous political, financial, and social standing. Given a whale’s wealth and influence, it’s unlikely that even more technologically advanced tactics like faking email addresses or creating a fake website will be successful. Instead, a common tactic is to get the whale to fill out a fake tax form with valuable information like Social Security numbers, bank account details, addresses, legal names, and so on.
Vishing
Vishing is a new twist on a classic scam that involves spoofing phone numbers from family, friends, loved ones, businesses, government officials, and others. Scammers will impersonate such figures in order to obtain valuable information, purchase gift cards or money orders, raise bail money, collect on owed back taxes, or any number of other ruses.
Unfortunately, many victims of this tactic are either elderly or unfamiliar with cutting-edge technology, making them vulnerable to phishing scams that rely on emotional connections. Vishing is a valuable tool in the scam artist’s toolbox because it is commonly used for both short-term financial gain and long-term projects such as identity theft.
Sugar daddy scams
For those who are unfamiliar with the term “sugar daddy,” it refers to an older and wealthier individual effectively purchasing the love and affection of a younger partner.
Sugar daddy scams are intended to take advantage of young women in precarious financial situations or those seeking an otherwise unattainable standard of living. These cybercriminals initiate conversations with potential victims on social media platforms by offering a weekly or monthly allowance for companionship. However, before they can begin receiving such an allowance, the victim must first share their Venmo, PayPal, or other online payment account information and deposit a sum into the scammer’s account for “verification.” This scam can be especially devastating for victims who may not seek help because such relationships are illicit or embarrassing.
Cryptocurrency scams
Regardless of the long-term performance of the cryptocurrency market, one indisputable fact is that scammers will not be far behind where cryptocurrency goes.
Prominent examples of cryptocurrency scams include spoofing tweets from major crypto promoters to infiltrating entire communities built around cryptocurrency before robbing them blind. Fortunately, one of the easiest (and cheapest) ways to avoid falling for a cryptocurrency scam is to use your best judgment. If it sounds too good to be true, it probably is.. Other effective scam prevention methods include the use of multi-factor authentication services for online crypto wallets and avoiding conducting trades via your mobile device.
How to Avoid Phishing Scams
As antivirus and anti-malware protections become more robust, phishing scammers are forced to become more inventive in their attempts to steal money, valuable data, and even your identity. Although the exact methods vary from scammer to scammer, the following are common tricks that phishers will use via email and SMS:
- Sending you a spoof message from a legitimate company claiming a billing problem
- Emails with the subject “Reset Your Password” that are not requested
- A random text message with an attachment in which you claim to have money from your most recent tax return.
- Account cancellation notifications are pending confirmation of your personal information.
- Make up fake forms, surveys, and invoices to encourage you to fill out important information.
- Freebies and coupons for costly goods and services
Fortunately, there are steps you can take in your daily online activities to avoid being phished, such as:
- Examining the email or message for misspellings or the absence of a business greeting
- Ensure that your smartphone, PC, tablet, or other electronic device is set to receive automatic security updates.
- Investing in powerful antivirus and anti-malware software to safeguard important data
- Whenever possible, use multi-factor authentication to reduce the possibility of your accounts being compromised.
- Using external hard drives or cloud computing services to backup your data
- Never send sensitive information, such as your credit card number or Social Security number, via email or text.
- Using spam filters and not clicking on suspicious links or opening attachments in unexpected emails
If you ever receive an email that you are unsure about or click on a link, please contact Hosting Australia’s support immediately at 1300 761 930 so that we can assist you in protecting your account.