Phishing attacks aren’t new, but they’re certainly not going anywhere. Phishing is one of the biggest cyber threats organizations and individuals face.
Phishing attacks refer to cyber crimes where an individual or entity tries to get personal or sensitive information through the use of emails and websites. Typically, when someone is the target of a phishing attack, it comes as an email.
The idea behind phishing is having the recipient think the message is something they need, and they then click a link or sometimes download an attachment.
One of the most problematic aspects of phishing, and the reason it so often fools even people who are well trained in cybersecurity, is that the attack looks as if it comes from a trusted person or organization.
That could mean an email that seems to come from a person you know. In the business sense, the phishing attack may appear to come from a vendor you do business with, for example.
The prevalence of phishing underscores the need for technology allowing you to securely share confidential documents online.
Phishing attacks now primarily target enterprises. They once targeted mostly individuals, but that has shifted.
So, what else should you know about phishing and phishing trends and things to watch for in 2019?
According to a recent report from Forbes, before 2019 most phishing attacks were targeting financial accounts. For example, the goal might have been credit card numbers and bank information. Now, instead of impersonating banks and other places you do financial business with, phishing attacks are impersonating SaaS services.
This can include Dropbox and Office 365 among others. The Forbes report also mentions Slack as one of the SaaS platforms being targeted by more phishing attacks.
Typically, you receive an email stating that there was a suspicious login to your account and that you need to change your password. You then click a link that takes you to a fake page.
Once cybercriminals gain access to the SaaS platforms, they have access to an abundance of business information, and they can expand their access by sending phishing emails to other people in the organization.
In the past, phishing attacks were tricky, but compared to now it was easier to see that they were fake or malicious. Now, cyber attackers are getting more sophisticated in their strategies, and this includes phishing.
A lot of these messages are becoming highly personalized, so it’s incredibly difficult to discern whether or not they’re real. For example, phishing email messages might include specific names and logos from organizations. Some phishers can even hack email accounts to see how that person might speak to someone they’re emailing.
Unfortunately, in many ways, it’s getting easier and not harder for cybercriminals. There are so-called phishing kits, complete packages of everything you would need to launch a phishing attack.
These kits and mailing lists are available on the dark web, indicating it’s not likely phishing will slow down. If anything, it’s likely to pick up steam.
The Use of HTTPS
Another trend to look for and be aware of in 2019 is the use of HTTPS. The HTTPS abbreviation and the lock symbol in the address bar of a website mean that data exchange between the browser and the site being visited is encrypted. This has often been taken as an indicator that a site is safe and also legitimate.
However, now scammers are using HTTPS. According to research cited by Hoxhunt, at the end of 2017, the share of scammers using HTTPS had gone from five percent to 20 percent, and it kept rising throughout 2018.
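Because HTTPS and the lock symbol show encryption rather than legitimacy, a link check has to look at the host, not the scheme. The following is an added example, not part of the original article: it compares a link's host against the domains a claimed SaaS brand actually uses. The `BRAND_DOMAINS` allowlist, the function names and the `.example` links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: domains each SaaS brand named in the article really uses.
# Illustrative only; an organization would maintain its own list.
BRAND_DOMAINS = {
    "dropbox": {"dropbox.com"},
    "office 365": {"office.com", "microsoft.com", "microsoftonline.com"},
    "slack": {"slack.com"},
}


def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(claimed_brand, url):
    """Return 'expected', 'mismatch' or 'unknown-brand' for a link in an email.

    The scheme is deliberately ignored: HTTPS says the connection is
    encrypted, not that the host belongs to the brand in the message.
    """
    domains = BRAND_DOMAINS.get(claimed_brand.lower())
    if domains is None:
        return "unknown-brand"
    # A missing or unparsable host becomes "" and is reported as a mismatch.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if any(host_matches(host, d) for d in domains):
        return "expected"
    return "mismatch"


# Constructed sample links (the .example hosts are made up for this demo).
SAMPLES = [
    ("Dropbox", "https://www.dropbox.com/login"),
    ("Dropbox", "https://dropbox.com.account-check.example/login"),
    ("Slack", "https://slack-signin.example/reset"),
    ("Office 365", "http://login.microsoftonline.com/"),
]

if __name__ == "__main__":
    for brand, url in SAMPLES:
        print(f"{classify_link(brand, url):9} {brand:11} {url}")
```

The second and third samples are served over HTTPS and still come back as `mismatch`, while the last one is plain HTTP on a host the brand does use.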
Finally, a lot of phishing campaigns are event-specific. The campaigns used to be primarily evergreen, meaning they could be used year after year without many alterations.
In 2018, some of the more well-known phishing campaigns involved certain events. For example, the GDPR was passed as a means to protect privacy in the European Union, but that then turned into an opportunity for scammers.
They would send companies and employees emails letting them know they needed to send certain information to remain compliant. There have also been event-specific phishing campaigns targeting the use of Airbnb accounts and the 2018 World Cup.
Some of the ways to protect yourself and your business include training employees and retraining them each year on updated phishing tactics, requiring two-factor authentication and, of course, putting security technology and protections into place.