Top 5 Phishing Scams to Look Out for in 2023

Phishing scams continue to be one of the biggest threats organizations face today. Perhaps because it targets what most cybersecurity professionals agree to be the weakest link in the cybersecurity chain—the human element.  

Last year, a survey of 1,000 IT professionals conducted by automation company Ivanti revealed that 74% of organizations had fallen prey to phishing. Most respondents said the volume and sophistication of phishing attempts they saw had increased.

Phishing Quote

To avoid falling prey to phishing attacks in 2022, organizations should familiarize their employees with the top phishing themes and trends so they can better recognize and avoid them. 

Phishing Cheat Sheet eBook Mockup

Strengthen your organization’s defenses against advanced cyberattacks, like ransomware, by elevating phishing awareness with these expert tips and actionable insights. 

Table of Contents

5 Phishing Scams to Be on the Lookout For

1. Pandemic-related Phishing Isn’t Going Away

When COVID-19 was declared a pandemic by the World Health Organization in March 2020, phishers instantly recognized the opportunity created by global fear and uncertainty. 

The same month, Barracuda Sentinel researchers recorded 9,116 spear-phishing attacks related to COVID-19, an increase of 667% compared with February 2020. 

Even though it has been two years since the original outbreak, COVID-19 still dictates the pace of life in many countries. Related spear phishing attacks continue to target people with malicious government documents, fake vaccination forms, and other scams. 

2. Social Media Sites Are Being Used for Phishing

As organizations across most sectors keep expanding their social media presence, attackers are finding ways to use social media sites for phishing attacks.  

Example 

Attackers have been caught impersonating trusted brands like Microsoft and Google to target carefully selected employees with spear-phishing messages that seem to come from a real brand representative. 

To prevent social media phishing attacks from becoming a major problem, it’s crucial to understand one thing: the friendly and informal nature of sites like Facebook and Twitter doesn’t guarantee that all users have good intentions.  

3. Phishers Are Learning to Create Convincing Deepfakes

The recent advances in artificial intelligence and machine learning have made it possible to create synthetic media based on existing material. Unfortunately, not all applications of this technology are as amusing as memes with face-swapped actors. 

A bank manager in Hong Kong learned the hard way just how convincing deepfakes can be when he received a call in 2020 from who he believed to be a familiar company director. At the time, the bank manager had no idea that the man requesting the authorization of a $35 million bank transfer was a fraudster who had cloned the director’s voice using AI. 

4. Business Email Compromise Attacks Take Spear Phishing to the Next Level

Business email compromise (BEC) is a sophisticated spear phishing attack that’s especially difficult to recognize because it involves a hacked, spoof, or impersonated business email address. Phishers impersonate the real owner of an email address and send carefully crafted wire transfer requests, hoping they will be approved without question. 

Depending on how the target is, a BEC attack may take weeks and even months of reconnaissance on social media and the web in general to understand who individual employees are, what their responsibilities are, and how they communicate with one another.

5. Phishing as a Steppingstone to Ransomware

The purpose of phishing is to trick the victim into disclosing sensitive information or doing something that’s against their best interest. Increasingly often, the ultimate goal of phishers is to trick employees into infecting their work devices with ransomware, a type of malware that encrypts data on a device and then demands a hefty ransom payment for its decryption. 

In 2021, ransomware cybersecurity solutions provider SonicWall detected 304.7 million attempted ransomware attacks, more than ever before. This worrying trend will likely continue for as long as employees keep falling for phishing attacks. 

Let Us Help You Fight Back Against Cyberattacks

Reliable phishing protection requires a multi-pronged approach encompassing everything from cybersecurity awareness training to network monitoring to endpoint security and more. 

Teal’s managed cybersecurity services can help you implement these and other security essentials so you can successfully fight back against phishing attacks this year and beyond.

We provide responsive and secure managed IT services to SMBs nationally, with local headquarters based in: 

Contact us today to get started. 

Latest Teal News

Subscribe to Our Newsletter

Join Teal Exclusive now to be notified of the latest news, tech tips, and more.

Recent Articles
Categories
Don’t Stop Here

More To Explore

Malware Detected Warning Screen

What Is Fileless Malware? How To Protect Against It

Cybercriminals keep sharpening their digital tools of trade to maintain the upper hand over their targets. Among their most effective techniques is fileless malware, which is estimated to be roughly 10x

Passwordless Authentication

What is Passwordless Authentication?

Countless cybersecurity awareness training sessions have been dedicated to passwords over the years. Their goal is to keep employees from using weak passwords, sharing them with their colleagues, and storing them insecurely. However,