Google Fights Back in Phishing Explosion & So Should You
Phishing attacks have exploded in the wake of COVID-19, and it only seems to be getting worse. These tools can help SMBs be ready to defend against the onslaught.
A new FBI warning outlines a special kind of phishing scam targeting c-suite and accounts payable staff – proving that phishing training is necessary at every level.
The Secret Service warns that clever new phishing attacks simulating official emails, files, and links are being perpetrated by cybercriminals looking to take advantage of the anxiety created by COVID-19 and exploit an old MS Office vulnerability.
CISA released a warning about a massive increase in phishing attacks referencing COVID-19. Cybercriminals aren’t just using old tricks in new ways, they’ve added to their playbook.
Coronavirus (COVID-19) has many companies teleworking, putting them at higher risk for a data breach. Use these tools and tips to mitigate the risk of staff working remotely.
Few cyber threats are as prevalent and costly as phishing attacks. In 2018, Microsoft documented a 250% increase in phishing campaigns, which masquerade as legitimate products or services but actually carry malicious payloads that steal credentials and compromise IT integrity. To no surprise, the rise of phishing attacks continues to trend upward and is wreaking havoc for SMBs and enterprises alike.

Even as companies implement automated defenses intended to keep phishing attacks out of employee inboxes, many inevitably make their way through. A recent survey found that nearly half of respondents reported malicious emails reaching employee inboxes every week, and 20% indicated that they experienced a data breach as a consequence of a phishing vulnerability. In fact, Verizon’s 2019 Data Breach Investigations Report concluded that ⅓ of all cyberattacks begin with a phishing scam.

To maintain an edge, hackers are continuously evolving their strategies and improving their attack methods, making their efforts increasingly difficult to detect. In other words, employees may not be fooled by phony emails from a foreign leader or celebrity, but they could be compromised by a call or IM from their manager or CEO. Follow along as the ID Agent team outlines four of the latest phishing attack trends that you’ll want to know in order to protect your business.

#1 Increased Personalization

The past several years have seen billions of records compromised, and the consequences far exceed the immediate media scrutiny and consumer backlash that follow in the wake of a breach. Cybercriminals are repurposing exposed information to craft sophisticated phishing campaigns that are camouflaged with authentic-looking information purportedly from known and trusted sources.

For example, we recently reported on an Ocala City employee who transferred $640,000 to a fraudulent bank account in response to a spear phishing campaign that contained a legitimate invoice amount from one of the city’s construction contractors. Similarly, Italian precision engineering companies are facing a slew of phishing attacks that seem to originate from potential clients. Such emails include company and sector-specific details and carry an embedded Microsoft Excel document that hosts malicious, credential-stealing code.

#2 Multi-platform Approaches

Phishing scams are commonly associated with email messages, but today’s cybercriminals are taking advantage of diverse communication platforms to place messages in our various inboxes. Often hackers leverage SMS and social media accounts to reach their victims. SMS phishing attacks, colloquially known as “smishing,” target users’ reflexive instinct to trust and respond to text messages on their phone. Targeting users on their social media is no different and can have a similar result. In 2019, Facebook is the most impersonated social media platform, with a 176% year-over-year increase in phishing URLs. To be effective, hackers rely on the perception of authenticity, and reaching users on these familiar platforms can trick unsuspecting victims into handing over the keys to their accounts.

#3 HTTPS Encryption

In addition to reaching users in familiar territory, hackers are deploying the internet’s signposts of security to elicit the trust of their victims. Specifically, cybercriminals are manipulating HTTPS, the internet protocol that denotes encryption and security, to trick users into a false sense of security. It’s estimated that 58% of all phishing campaigns use HTTPS, which makes it less likely both that users will identify the fraudulent website and that internet browsers will flag the connection as unsecured.

This tactic has become so prevalent that the FBI issued a public warning this summer urging people to take special care to evaluate their digital communications for intent rather than relying on traditional representations of internet security.

#4 Dynamic BEC Campaigns

Between the treasure trove of data available on the Dark Web and the information readily published on company websites, hackers can impersonate higher-ups or IT administrators with staggering effectiveness. Business Email Compromise (BEC) scams rely on personalization, and today’s hackers converse directly with their victims to gain trust. Once trust is established, hackers send a simple request, like editing a document or filling out a form, that ultimately directs victims to a phishing website. To increase their efficacy, many cybercriminals include these links in attachments, which makes them both harder for software to detect and less likely to be identified by readers.

Staying one step ahead

It’s evident that phishing scams will continue to keep IT admins up at night for years to come. However, there is a silver lining. Unlike other cyber attacks, phishing scams are only effective if they are acted upon, and companies can mitigate such threats by providing regular, comprehensive awareness training to their employees. With the right solutions provider, you can equip your employees to stay abreast of emerging threats, report potential misuses of data, and transform themselves into the first and best line of security against cybercriminals.

Whether you’re a small business or large enterprise, you have the power to stop phishing attacks from stealing employee credentials or proprietary information. Our BullPhish ID™ program simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
Phishing is one of the most common, yet dangerous methods of cybercrime. Despite cybersecurity experts’ warnings over the years, it seems that internet users still consistently fall prey to these simple but effective attacks.
Stolen email credentials are an often exploited vulnerability for government and corporate networks. In fact, Verizon announced in a recent study that 91% of phishing attacks specifically targeted email credentials.
The IRS recently issued an alert, warning Human Resources or Payroll professionals to be on the lookout for an email scheme designed to steal employee data from W-2 forms. The scam has already claimed some high profile victims, such as Snapchat, and is especially threatening as employees are in the midst of tax season.
Do you think the IRS is protecting your personal information from cyber thieves? Apparently the Government Accountability Office (GAO) doesn’t think so. In a March 2016 report titled, “IRS Needs to Further Improve Controls Over Financial Taxpayer Data”, the GAO found that 28 vulnerabilities that the IRS claimed to have resolved have still not been fixed.