Phishing scams continue to be one of the biggest threats organizations face today, perhaps because they target what most cybersecurity professionals agree to be the weakest link in the cybersecurity chain: the human element.
Last year, a survey of 1,000 IT professionals conducted by automation company Ivanti revealed that 74% of organizations had fallen prey to phishing. Most respondents said the volume and sophistication of phishing attempts they saw had increased.
To avoid falling prey to phishing attacks in 2022, organizations should familiarize their employees with the top phishing themes and trends so they can better recognize and avoid them.
Strengthen your organization’s defenses against advanced cyberattacks, like ransomware, by elevating phishing awareness with these expert tips and actionable insights.
5 Phishing Scams to Be on the Lookout For
1. Pandemic-related Phishing Isn’t Going Away
When COVID-19 was declared a pandemic by the World Health Organization in March 2020, phishers instantly recognized the opportunity created by global fear and uncertainty.
The same month, Barracuda Sentinel researchers recorded 9,116 spear-phishing attacks related to COVID-19, an increase of 667% compared with February 2020.
Even though it has been two years since the original outbreak, COVID-19 still dictates the pace of life in many countries. Related spear-phishing attacks continue to target people with malicious government documents, fake vaccination forms, and other scams.
2. Social Media Sites Are Being Used for Phishing
As organizations across most sectors keep expanding their social media presence, attackers are finding ways to use social media sites for phishing attacks.
Example
Attackers have been caught impersonating trusted brands like Microsoft and Google to target carefully selected employees with spear-phishing messages that seem to come from a real brand representative.
To prevent social media phishing attacks from becoming a major problem, it’s crucial to understand one thing: the friendly and informal nature of sites like Facebook and Twitter doesn’t guarantee that all users have good intentions.
3. Phishers Are Learning to Create Convincing Deepfakes
Recent advances in artificial intelligence and machine learning have made it possible to create synthetic media based on existing material. Unfortunately, not all applications of this technology are as amusing as memes with face-swapped actors.
A bank manager in Hong Kong learned the hard way just how convincing deepfakes can be when he received a call in 2020 from someone he believed to be a familiar company director. At the time, the bank manager had no idea that the man requesting the authorization of a $35 million bank transfer was a fraudster who had cloned the director’s voice using AI.
4. Business Email Compromise Attacks Take Spear Phishing to the Next Level
Business email compromise (BEC) is a sophisticated spear-phishing attack that’s especially difficult to recognize because it involves a hacked, spoofed, or impersonated business email address. Phishers impersonate the real owner of an email address and send carefully crafted wire transfer requests, hoping they will be approved without question.
Depending on the target, a BEC attack may take weeks or even months of reconnaissance on social media and the web in general to understand who individual employees are, what their responsibilities are, and how they communicate with one another.
5. Phishing as a Steppingstone to Ransomware
The purpose of phishing is to trick the victim into disclosing sensitive information or doing something that’s against their best interest. Increasingly often, the ultimate goal of phishers is to trick employees into infecting their work devices with ransomware, a type of malware that encrypts data on a device and then demands a hefty ransom payment for its decryption.
In 2021, ransomware cybersecurity solutions provider SonicWall detected 304.7 million attempted ransomware attacks, more than ever before. This worrying trend will likely continue for as long as employees keep falling for phishing attacks.
Let Us Help You Fight Back Against Cyberattacks
Reliable phishing protection requires a multi-pronged approach encompassing everything from cybersecurity awareness training to network monitoring to endpoint security and more.
Teal’s managed cybersecurity services can help you implement these and other security essentials so you can successfully fight back against phishing attacks this year and beyond.
We provide responsive and secure managed IT services to SMBs nationally, with local headquarters based in:
- Minneapolis
Contact us today to get started.