Phishing has been a persistent problem for nearly two decades now. What seems like a simple concept, tricking someone through an email, has become a major criminal enterprise.
When you get a phishing email these days, it’s often not coming from a lone hacker trying to cause trouble. Rather, it’s most likely part of a sophisticated campaign launched by a large criminal underground organization or state-sponsored hacking group.
Big money can be made through phishing because it’s an all-purpose method of launching just about any type of attack, from ransomware to credential theft.
How bad is phishing getting?
In May of 2021, phishing attacks skyrocketed by 281%, and just a month later, in June, they rose 284%. If you don’t have strong cybersecurity protection and continuous system monitoring in place, then you can easily be taken down by a phishing attack.
Companies already have plenty to worry about when it comes to phishing, but several disturbing trends help explain why phishing is not only still dangerous but becoming more dangerous as time goes by.
Be Aware of These Disturbing Phishing Attack Trends
Criminal Groups are Using “Initial Access Brokers”
Large companies will outsource certain things. For example, many outsource their IT management to a trusted partner, like Texas I.T. Pros. This allows them to focus on what they do best and have a professional handling their technology.
Criminal groups that conduct sophisticated phishing scams have begun doing the same. They’ve started outsourcing the initial breach into a company network to what’s known as an “initial access broker.”
These are people who specialize in opening the door to a company’s network and then turning things over to their client, who will then unleash malware or another type of malicious threat.
More Monetization of Business Email Compromise
Once hackers gain access to a company email address, they can unleash money-making schemes that end up being quite lucrative. This is another attack type that is trending up.
A typical form of monetizing business email compromise is for a criminal group to gain access to one company email, preferably that of someone in a position of power.
An email campaign is then unleashed company-wide that sends emails to employees appearing to be from a “boss” or someone with authority from within the company. The email will ask employees to buy gift cards for a charitable organization, or something similar, and then send the gift card details.
The perpetrators of the attack then sell these on the black market.
Brand Impersonation is Becoming Popular
Many people have been taken in by a fake Netflix or Microsoft 365 login page. Phishing scammers will impersonate a brand, sending emails out using their signatures and logo.
Those emails will link to a website designed to look exactly like that of the company being impersonated. Through that site, scammers can steal user login details, credit card information, and more.
This hurts not only the victim but also the company being impersonated, because consumers will still partly blame it even though it had nothing to do with the impersonation.
Companies will often have to dedicate customer service resources to explain the impersonation to their customers and warn them about it.
Smaller Companies Are Being Hit With Targeted Phishing Campaigns
Targeted phishing campaigns take more time and effort to put together than a generic campaign. The difference is that a targeted campaign involves researching a company to look at things like its vendors or customers.
A phishing attacker may then put together an email and website that impersonates another entity the target company would know, such as their website hosting provider.
It used to be that criminals only went through that trouble to target large enterprises with things like ransomware. But with ransomware providing a payout of some type, even when small businesses are hit, smaller companies are now being targeted as well.
It can be worth a hacker’s time to do the research and prep involved, even for small businesses, because one ransomware hit can pay out thousands of dollars.
Targeted campaigns also do much better than generic ones. Generic phishing emails get about a 1% response rate, and targeted phishing emails can have a response rate up to 75%.
Hackers are Enticing Disgruntled Employees to Gain Credentials
No one likes to think their employees would participate in a cyberattack against their company, but employees are increasingly becoming a target of hackers.
While an unhappy shipping clerk might not have the skills or wherewithal to conduct any type of online attack themselves, if they’re offered money just to share a password to a company system, they may just do it.
Insider credentials are very valuable to online criminals as they allow them a way into a company network, bypassing systems designed to defend against intruders.
The value of those credentials has encouraged these criminal groups to target any employees that might be desperate for money or have a bone to pick with their employer.
When Is the Last Time You Had a Cybersecurity Assessment?
It’s important to regularly assess your cybersecurity protections to ensure they’re keeping up with the latest threats. Texas I.T. Pros can help your Denton or Wise County business with a full assessment, so you know where you stand.