Cybercriminals need to access personal user information or credentials to launch cyberattacks successfully. New phishing trends are the main ways they obtain this information.
Why should you care about phishing as an enterprise with secure business I.T. support? Because phishing is becoming more sophisticated, you can be attacked from anywhere, from your office network to your managed service providers. The best way to keep your business safe is by staying informed, so we’ve gathered the top phishing trends and tactics to watch out for in 2023.
But before we can look at them, let’s first understand what phishing is and its state in 2023.
What Is Phishing?
Phishing is a cyberattack where cybercriminals impersonate trusted entities. It can trick victims into revealing personal information like credit card details, login credentials, and sensitive passwords. The main avenue for phishing is email, where the goal is to deceive an email recipient. The message will often contain some content that the victim may want or need, for instance:
– A note from a colleague/boss;
– A market survey from a website;
– Or a giveaway or prize offer.
Since the email looks like it comes from a trusted source, users will be inclined to click the link or download the attachment contained in the email. Once they do, fraudsters can get their information and use it to defraud them.
We can explain phishing simply using a fishing analogy where the fraudster lays a bait hook (the phishing email), hoping the victim will take the bait.
Emerging Phishing Trends
Although email is the primary avenue for phishing, other communication media can also serve as an access point. With the increase in remote workforces and the advancement of telecommunications, your business can fall prey to phishing on the following platforms:
– Social media
– Malware-infected websites
– SMS (commonly referred to as smishing)
– Voicemails (commonly referred to as vishing)
It is important to be aware of the different platforms where phishing attacks can be conducted to protect yourself and your business from becoming victims.
The State of Phishing in 2023
Our previous blog post reported that 1.2% of all emails sent daily are malicious (that’s 3.4 billion emails). Recent data reveals that this percentage has jumped to 7.7% (more than 20 billion), showing that malicious email phishing trends hit an all-time high in 2023.
Besides email, social media has proven to be a prominent avenue for phishing attempts. Social media usage has been blowing up recently, so unsurprisingly, phishing attempts via social media have increased by 12%. The finance industry is the most susceptible, with banks reporting the most cases, followed by cryptocurrencies.
Unsurprisingly, phishing tactics have shifted away from free domain registration since Freenom (the free domain registrar) ended its free service. Numerous phishing attempts came from this service provider, and after a major lawsuit, Freenom no longer offers free domain registration.
From this, we can conclude that phishing attacks in 2023 mainly target email and social media. As a result, you’ll have to pay special attention to these two to stay secure. Keep reading to learn the top phishing trends to avoid.
Watch Out For These 6 Harmful Phishing Tactics
Phishing is a rapidly evolving form of cybercrime, and each year, you could face new, trickier tactics. Here, we’ll provide information on the phishing trends and tactics in 2023 so you can stay ahead of cybercriminals this year. Ask your I.T. support company how to implement these steps if you have questions.
1) Malware in Adobe, OneNote, and HTML Attachments
The highly elusive malware family Qbot is increasingly distributed via Adobe, OneNote, and HTML attachments in phishing emails. Qbot made up more than 87% of the payload volume in 2023. So, why has this tactic been so successful?
2) Misdirection Through Authentic Surveys
Both people and email protection systems are vulnerable to phishing emails with one-step instructions. So now, cybercriminals have adopted multi-step instructions to carry out more evasive phishing attempts. One of the ways they do this is by asking victims to participate in authentic surveys.
Yes, authentic surveys, because with services like Microsoft D365 Customer Voice, they can craft authentic surveys that bypass any security measures put in place by computer support systems. Since these surveys are authentic and free of grammar mistakes, they lower victims’ guard, leaving room for something malicious to happen in a later step.
3) Spear Phishing (Individualized Cyberattacks)
Spear phishing refers to targeted phishing attacks against specific individuals or organizations. When spear phishing, fraudsters gather personal information about their targets to craft highly customized and believable phishing emails, increasing the chances of success.
Today, people and organizations have a strong online presence. Fraudsters can leverage details shared on social media, for instance, LinkedIn, to create an extremely believable email sender (like a deep fake) that can easily convince the recipient that the email is from a legitimate source.
4) Emails With No Text
Text-based phishing emails will likely not get past the email protection systems. Unfortunately, cybercriminals have found a way to work around this. They take a screenshot of the phishing instructions and then send the image via an email message without including any text.
Of course, they can’t include a link in this image, so they usually ask victims to call a number to complete a scam. For this reason, images are another set of attachments you should be on the lookout for in addition to the HTML, Adobe, and OneNote docs mentioned above.
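A mail filter can check for both attachment-based tactics described above (tactics 1 and 4). The following is an added example, not code from the original article: it parses a raw message with Python's standard email library and flags the attachment types the article names, plus messages that carry an image but almost no text. The extension list (reading "Adobe" as .pdf), the 20-character threshold, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Attachment types the article names; reading "Adobe" as .pdf is an assumption.
RISKY_EXT = (".html", ".htm", ".one", ".pdf")
MIN_TEXT_CHARS = 20  # hypothetical threshold below which a body counts as "no text"

def triage(raw: str) -> list:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings, images, text_chars = [], 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
        if ctype.startswith("image/"):
            images += 1
        elif ctype in ("text/plain", "text/html") and not part.is_attachment():
            body = part.get_content()
            if ctype == "text/html":
                body = re.sub(r"<[^>]+>", " ", body)  # drop tags, keep visible text
            text_chars += len("".join(body.split()))  # count non-whitespace characters
    if images and text_chars < MIN_TEXT_CHARS:
        findings.append("image-only-body")
    return findings

def build_sample(body: str, filename: str, maintype: str, subtype: str) -> str:
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.test", "user@example.test"
    m["Subject"] = "Account notice"
    m.set_content(body)
    m.add_attachment(b"stub-bytes", maintype=maintype, subtype=subtype, filename=filename)
    return m.as_string()

IMAGE_ONLY = build_sample("\n", "notice.png", "image", "png")
ONENOTE = build_sample("Hi team, the quarterly report is attached.\n", "Report.one",
                       "application", "octet-stream")
BENIGN = build_sample("Photos from the offsite are attached, enjoy!\n", "team.jpg",
                      "image", "jpeg")

if __name__ == "__main__":
    for label, raw in [("image-only", IMAGE_ONLY), ("onenote", ONENOTE), ("benign", BENIGN)]:
        print(label, triage(raw))
```

A finding here is a reason to quarantine or review the message, not proof of phishing: legitimate PDFs and image-heavy newsletters will also match.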
5) Referencing Current Events
When Twitter came under new management in late 2022, some drastic changes occurred on the platform. For instance, numerous accounts lost their verification badges, and some are now required to pay for them.
Fraudsters have taken advantage of users’ desperation to get their badges back. Recently, users have received phishing messages from individuals impersonating Twitter staff, asking them to pay for their badges. Users who didn’t carefully look at the messages were defrauded into paying for these badges by fraudsters.
6) Fake Voicemail Alerts
In this type of phishing attack, users will receive a voicemail that claims to be from a legitimate company. The voicemail will say there is a problem with their account, and they will be asked to call a phone number to resolve the issue. However, the attacker controls the phone number; if they call it, they will be scammed.
Phishing tactics are getting more sophisticated, and there are fewer visual clues to help you to spot phishing emails easily. This means you must be more alert when dealing with these digital communication platforms, whether in the office or at home. Fortunately, by staying informed on the current tactics, you’ll be able to identify the most elusive attempts and keep your business safe from fraud.
About Cinch I.T.
Since 2004, Cinch I.T. has provided customer-focused I.T. services for businesses of all sizes. Whether you need a business continuity plan or a reliable cloud computing office, our computer support offers the fastest and friendliest service in the industry. Cinch is one of the nation’s fastest-growing I.T. support franchises, with 12 locations and counting. To learn more about our managed I.T. solutions, visit cinchit.com. For more information about I.T. franchise opportunities, visit cinchfranchise.com.