Refreshing yourself on phishing tactics
Though we discuss the dangerous nature of phishing scams on Bytagig a lot, it’s time again to take a fresh look at social engineering schemes for the upcoming year (and beyond). Phishing attacks have existed since the earliest days of the internet. Once emails could be used to confuse and exploit people, the attacks flourished.
That’s why phishing attacks are still so prevalent and remain one of the most powerful tools a hacker has at their disposal. Today, though, variants are growing more dangerous, specifically because they exploit contemporary topics to bypass “mental defenses.”
Cybersecurity is all about maintaining a consistent, proactive defense, so we’ll dive into signs of the modern phishing scheme in this article.
Phishing and social engineering today
Social scam techniques differ in a variety of ways from a decade ago. Technological progression, global happenings, and critical disasters are all foundation points phishing schemes use to succeed.
No doubt, you’ve noticed the increase of phishing attacks surrounding modern topics like COVID-19. That’s because phishing attacks have moved beyond simple financial scams. While the classic “Nigerian prince” concept still exists, hackers have a higher rate of success capitalizing on contemporary/modern subjects. Those subjects are normally emotionally charged in some way, looking to inspire feelings of fear or anger. That’s because fear and anger are great ways to bypass “critical thought” barriers.
In other words, when you’re angry, afraid, stressed, or otherwise emotional, you’re not always thinking clearly.
Additionally, phishing attacks go beyond typical email and are often paired with texts and voice messaging. Those channels are not as common, but they are still part of the phishing attack family. Furthermore, phishing attacks work effectively when they take advantage of trusted credentials, in other words, when they appear to come from a contact you know from work or from a personal relationship.
So from this explanation in brief, let’s jot down some essentials regarding the modern phishing attack:
- Phishing schemes are targeted and complex in nature, making use of multiple mediums like social platform messaging, video calls, and texts
- Social engineering schemes use current events to their advantage (examples such as COVID-19)
- Phishing techniques typically revolve around exploiting trusted identities and communication to deceive recipients
- Hackers usually supply malicious links and/or files to bring recipients to malicious websites or “login” forms
Research has also shown a trend of attacks targeting businesses. Typically, these are referred to as “BEC” or business email compromise attacks.
In 2020, the FBI published a report which estimated that business losses due to cybercrime (and BEC) reached $4.2 billion. The top three culprits were phishing, extortion, and delivery scams. The report went on to detail the rising trend in using COVID-19 as a subject, so you can see why threat events such as a pandemic are perfect resources for hackers.
Remote working trends also added to the phishing dilemma, given that at-home staff were now responsible for a large chunk of their own cybersecurity.
Another problematic, yet modern, trend with social engineering schemes is their use and deployment of ransomware. We’ve discussed the problems of ransomware numerous times at Bytagig, and you don’t have to look too hard to see the digital disaster it causes.
So, with these critical things in mind, what can you look for, whether you are a professional, a remote worker, or a general user?
Key things to remember are as follows:
- Practice extra scrutiny towards a message from a trusted sender that has suggestive content, such as abnormal requests to log in or incentives to “follow a link”
- Understand that attackers will use business and official imagery to appear legitimate
- Check the sender address
- If there’s a claim about an account alert or an “emergency,” check your official account first
These are good rules to apply in many scenarios, even professional environments. Hackers and social engineering schemes always work with a goal in mind, and it’s typically to bypass defenses with stolen credentials. Upon doing so, they aim to deploy malware payloads.
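Several of the checks listed above (the sender address, a link that invites you to log in, an “emergency” or account-alert claim) can be run automatically over a raw message. The Python below is an added example, not code from Bytagig; the trusted domain, the function names and the sample email are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains this organisation really sends mail from.
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "example.com IT Helpdesk" <helpdesk@examp1e.test>
Reply-To: recovery@mailbox.invalid
To: staff@example.com
Subject: URGENT: account alert, log in now
Content-Type: text/html

<p>Mailbox locked. <a href="http://login.examp1e.test/reset">https://portal.example.com/login</a></p>
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def host_of(url):
    m = re.match(r"(?:https?://)?([^/:\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def sender_findings(raw):
    """Return a list of warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    if from_dom not in TRUSTED_DOMAINS:
        findings.append("untrusted-sender-domain")
        # Display name borrows a trusted name the address does not belong to.
        if any(d in name.lower() for d in TRUSTED_DOMAINS):
            findings.append("display-name-impersonation")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append("reply-to-mismatch")
    # Visible link text looks like a URL but the href goes to another host.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                                 msg.get_payload(), re.I | re.S):
        if re.match(r"\s*(https?://|www\.)", text, re.I) and host_of(text) != host_of(href):
            findings.append("link-text-mismatch")
    # Emotional pressure in the subject line (keyword list is an assumption).
    if re.search(r"\b(urgent|emergency|account alert)\b", msg.get("Subject", ""), re.I):
        findings.append("urgency-subject")
    return findings

if __name__ == "__main__":
    print(sender_findings(SAMPLE))
```

A message with no findings is not proof of legitimacy; a compromised account at a trusted domain passes every one of these checks, which is why confirming through the official account still matters.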
Despite advances in cybersecurity technology and strategies, phishing and social engineering scams are still prevalent. Keeping in touch with trends can help you protect yourself and your business.