Cybercriminals need to access personal user information or credentials to launch cyberattacks successfully. New phishing trends are the main ways they obtain this information.
Why should you care about phishing as an enterprise with secure business I.T. support? Because phishing is becoming more sophisticated, you can be attacked from anywhere, from your office network to your managed service providers. The best way to keep your business safe is by staying informed, so we’ve gathered the top phishing trends and tactics to watch out for at your workplace.
But before we can look at them, let’s first understand what phishing is and how it has evolved over the years.
What We’ll Cover:
- What is phishing?
- Emerging phishing trends
- The state of phishing
- Malware in Adobe, OneNote, and HTML attachments
- Misdirection through authentic surveys
- Spear phishing (individualized cyberattacks)
- Emails with no text
- Referencing current events
- Fake voicemail alerts
- Key takeaways
What Is Phishing?
Phishing is a cyberattack where cybercriminals impersonate trusted entities. It can trick victims into revealing personal information like credit card details, login credentials, and sensitive passwords. The main avenue for phishing is email, where the goal is to deceive an email recipient. The message will often contain some content that the victim may want or need, for instance:
– A note from a colleague/boss;
– A market survey from a website;
– Or a giveaway or prize offer.
Since the email looks like it comes from a trusted source, users will be inclined to click the link or download the attachment contained in the email. Once they do, fraudsters can get their information and use it to defraud them.
We can explain phishing simply using a fishing analogy where the fraudster lays a bait hook (the phishing email), hoping the victim will take the bait.
Spear phishing takes this strategy further by targeting specific individuals rather than a broad audience. Instead of a wide net, spear phishing is like aiming for a specific fish.
So, a spear phishing attack can be defined as a focused effort to deceive a particular user into revealing personal information. The attacker pretends to be someone the user trusts, using detailed research to make the message more convincing.
Emerging Phishing Trends
Although email is the primary avenue for phishing, other communication media can be an access point. With the increase in remote workforces and the advancement of telecommunications, your business can fall prey to the following platforms:
– Social media
– Malware-infected websites
– SMS (commonly referred to as smishing)
– Voicemails (commonly referred to as vishing)
It is important to be aware of the different platforms where phishing attacks can be conducted to protect yourself and your business from becoming victims. Consult a professional I.T. company if you think your business is at risk of a cyberattack.
The State of Phishing
Our previous blog post reported that 1.2% of all emails sent daily are malicious (that’s 3.4 billion emails). Recent data reveals that this percentage has jumped to 7.7% (more than 20 billion), showing that malicious email phishing trends hit an all-time high in 2023.
Besides email, social media has proven to be a prominent avenue for phishing attempts. Social media usage has been blowing up recently, so unsurprisingly, phishing attempts via social media have increased by 12%. The finance industry is the most susceptible, with banks reporting the most cases, followed by cryptocurrencies.
Phishing tactics have also shifted away from free domain registration since Freenom (the free domain registrar) stopped offering it. Numerous phishing attempts came from this service provider, and after a major lawsuit, Freenom no longer offers free domain registration.
From this, we can conclude that the latest phishing attacks mainly target email and social media. As a result, you’ll have to pay special attention to these two to stay secure. Keep reading to learn the top phishing trends to avoid.
Watch Out For These 6 Harmful Phishing Tactics
Phishing is a rapidly evolving form of cybercrime, and each year, you could face new, more deceptive tricks. Here, we’ll provide information on the phishing trends and tactics so you can stay ahead of cybercriminals this year. Ask your I.T. support company how to implement data backup solutions if you have questions.
1) Malware in Adobe, OneNote, and HTML Attachments
The highly elusive malware family Qbot is increasingly distributed via Adobe, OneNote, and HTML attachments in phishing emails. Qbot made up more than 87% of the payload volume in 2023. So, why has this tactic been so successful?
Adobe and OneNote attachments can be easily scanned and malicious content removed. The same is not true of HTML attachments (HTML is simply the coding language for the structure of webpages). HTML attachments containing Qbot can bypass legacy business I.T. support systems, especially if they include JavaScript code (another coding language for the web). So, if you get an unsolicited email containing a .html file, you should think twice about interacting with it.
2) Misdirection Through Authentic Surveys
Both people and email protection systems are vulnerable to phishing emails with one-step instructions. So now, cybercriminals have adopted multi-step instructions to carry out more evasive phishing attempts. One of the ways they do this is by asking victims to participate in authentic surveys.
Yes, authentic surveys. With services like Microsoft D365 Customer Voice, cybercriminals can craft genuine surveys that bypass the security measures put in place by computer support systems. Since these surveys are authentic and free of grammar mistakes, they lower victims’ guard before something malicious happens in a later step.
3) Spear Phishing (Individualized Cyberattacks)
Spear phishing refers to targeted phishing attacks against specific individuals or organizations. When spear phishing, fraudsters gather personal information about their targets to craft highly customized and believable phishing emails, increasing the chances of success against I.T. support companies.
Today, people and organizations have a strong online presence. Fraudsters can leverage details shared on social media, for instance, LinkedIn, to create an extremely believable email sender (like a deep fake) that can easily convince the recipient that the message is from a legitimate source.
4) Emails With No Text
Text-based phishing emails will likely not get past the email protection systems. Unfortunately, cybercriminals have found a way to work around this. They take a screenshot of the phishing instructions and then send the image via an email message without including any text.
Of course, they can’t include a link in this image, so they usually ask victims to call a number to complete a scam. For this reason, images are another set of attachments you should be on the lookout for in addition to the HTML, Adobe, and OneNote docs mentioned above.
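The attachment patterns described in tactics 1 and 4 can be checked mechanically when mail is triaged. The following Python example is added here and is not part of the original article: it flags HTML attachments that carry script content and messages whose only visible content is an image. The function names, flag strings, and sample messages are assumptions constructed for illustration, and the checks are heuristics, not a complete filter.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Heuristic: script tags, inline event handlers, javascript: URLs.
SCRIPT_RE = re.compile(r"<script\b|\son\w+\s*=|javascript:", re.I)

def triage(raw):
    """Return a list of heuristic flags for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags, has_text, has_image = [], False, False
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        attached = part.get_content_disposition() == "attachment"
        if ctype.startswith("image/"):
            has_image = True
        elif attached and (ctype == "text/html" or name.endswith((".html", ".htm"))):
            flags.append("html-attachment")
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if SCRIPT_RE.search(body):
                flags.append("html-attachment-with-script")
        elif ctype in ("text/plain", "text/html") and not attached:
            # Strip tags so an HTML body holding only <img> counts as empty.
            if re.sub(r"<[^>]+>", " ", part.get_content()).strip():
                has_text = True
    if has_image and not has_text:
        flags.append("image-only-body")
    return flags

def sample(kind):
    """Build a constructed test message; addresses and content are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", "Notice"
    if kind == "html":
        m.set_content("See attached.")
        m.add_attachment("<html><script>/* constructed */</script></html>",
                         subtype="html", filename="notice.html")
    elif kind == "image":
        m.set_content('<img src="cid:constructed">', subtype="html")
        m.add_attachment(b"\x89PNG constructed bytes", maintype="image",
                         subtype="png", disposition="inline")
    else:
        m.set_content("Lunch at noon?")
    return m.as_string()

if __name__ == "__main__":
    print({k: triage(sample(k)) for k in ("html", "image", "plain")})
```

A flagged message is a candidate for quarantine or manual review rather than proof of phishing, since legitimate mail can also contain HTML attachments or image-only bodies.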
5) Referencing Current Events
When Twitter came under new management in late 2022, some drastic changes occurred on the platform. For instance, numerous accounts lost their verification badges, and some are now required to pay for them.
Fraudsters have taken advantage of users’ desperation to get their badges back. Recently, users have received phishing messages from individuals impersonating Twitter staff, asking them to pay for their badges. Users who lacked business I.T. support and didn’t look carefully at the messages were tricked into paying the fraudsters for these badges.
6) Fake Voicemail Alerts
In this type of phishing attack, users will receive a voicemail that claims to be from a legitimate company. The voicemail will say there is a problem with their account, and they will be asked to call a phone number to resolve the issue. However, the attacker controls the phone number; if they call it, they will be scammed.
Key Takeaways
Phishing tactics are getting more sophisticated, and there are fewer visual clues to help you spot phishing emails easily. This evolution means you must be more alert when dealing with these digital communication platforms, whether in the office or at home. Fortunately, by staying informed on the current tactics, you’ll be able to identify the most elusive attempts and keep your business safe from fraud.
About Cinch I.T.
Since 2004, Cinch I.T. has provided customer-focused I.T. services for businesses. Whether you need remote work support or complete I.T. compliance services, our computer support offers the industry’s fastest and friendliest computer service. Cinch is one of the nation’s fastest-growing business I.T. support franchises with 12 locations across 6 states. To learn more about getting the best tech support in your area, visit cinchit.com. For more information about I.T. franchise opportunities, visit cinchfranchise.com.