6 Alarming Phishing Attack Trends That You Need to Know About
Phishing attacks nearly doubled in 2020 compared to the prior year, and we’re seeing a similar trend in 2021 with phishing on the rise. This method of attack is by far the most prevalent, and it continues to evolve and grow more sophisticated all the time.
Without protection against various phishing tactics, companies can face multiple threats to their network security, including ransomware, data breaches, credential theft, and account takeovers.
Phishing has become more dangerous over the last few years because many attack campaigns are run by large criminal groups or state-sponsored hacking organizations. These groups invest money into making phishing more effective and continue to optimize how much money they can make and how fast they can deliver attacks.
This in turn increases the volume of attacks and the risk level.
One of the ways to stay one step ahead of phishing attacks is to know what new tactics are being used so you can properly prepare your team. Following are some of the alarming new phishing trends being seen by industry cybersecurity experts around the world.
1. Increased Use of Breach Specialists (Initial Access Brokers)
Initial Access Brokers are hackers that specialize in getting inside a network. They facilitate that first breach, so others can then conduct their attacks. Because this is the main focus of this group of outside contractors, they’re very good at it.
In efforts to optimize the success of phishing campaigns, criminal groups are increasingly hiring these experts to launch the initial part of the attack that gets them inside a network. This can be through an elaborate credential theft campaign or a tactic using malware to breach a network device.
2. SMS Phishing is Increasing
SMS phishing (smishing) is on the rise and many employees aren’t aware. They’re used to being careful of unexpected emails and may even be well-trained in tactics like hovering over links to reveal the URL beneath them. However, many aren’t expecting to receive fake text messages that look like the shipping notices they normally get from Amazon and other retailers.
Mobile phone numbers are becoming easier to get, which is why scam robocalls have become such a problem for mobile device users. Cybercriminals are also using these numbers to launch phishing campaigns via text message, deploying hidden links that users often can’t roll over in the same way they can on a computer.
3. More Use of Brand Impersonation
Impersonating another company is a common phishing tactic to fool users into thinking a phishing email is legitimate. Scammers will use the company’s logo and signature and make a carbon copy of emails from brands like Microsoft 365, Amazon, and Netflix.
But scammers don’t only impersonate larger companies. Your business needs to watch out for the use of brand impersonation when it comes to vendors you do business with, such as your internet service provider or website host.
4. Monetization of Business Email Compromise (BEC)
Up until now, ransomware has been one of the most lucrative types of phishing attacks that hackers could launch, which is why ransomware has been exploding in volume in recent years. But now hackers are finding out that compromising a company email address can also rake in the cash.
Once they breach a user email address (preferably someone in a managerial position), scammers can send out emails from that person’s email account to other employees. Those employees will typically not suspect a phishing attack because they recognize the person and see their real email address is used.
BEC is often used with gift card scams, where the scammer will direct employees to purchase gift cards and reply with the codes.
5. Increased Targeting of Smaller Companies Using Spear Phishing
Smaller companies need to worry about the increased use of spear phishing. This targeted form of attack, which uses more personal details, used to be reserved for larger organizations because of the research needed.
But now with the efficiency improvements of phishing attacks, small businesses are also being singled out and targeted in the same way.
6. Disgruntled Employees Are Being Targeted for Their Passwords
You may want to ensure you don’t have any particularly unhappy or disgruntled employees because they could potentially be the source of a breach. In efforts to conduct attacks on company cloud accounts, hackers are phishing for user login credentials.
One of the new tactics they’re using is to outright offer employees cash for their login details. They play the numbers, thinking that most companies have at least one disgruntled employee that might take them up on that offer. If they do a little searching on social media, it may also not be hard to find someone unhappy with their employer based upon the things they are posting.
Are You Due for a Review of Your Cybersecurity Strategy?
Companies must evolve their cybersecurity strategy to keep up with the evolution of phishing and other cyberattacks. BrainStomp can help your business with a full review of your current protections and make suggestions for any areas of risk.
Schedule a free consultation today! Call 260-918-3548 or reach out online.