Cyber-criminals keep refining their tactics to raise the success rate of phishing attacks against companies. Phishing is one of the most pressing cyber threats organizations face, and it shows no sign of slowing down. In 2021, 83% of organizations reported experiencing a successful phishing attack, and roughly 6 billion attacks were forecast for 2022.
Today’s attackers use techniques such as spear phishing, vishing and deceptive phishing to target users, costing organizations billions annually. Their primary goals are to gain access to networks, steal data or infect systems with malware. The fallout costs organizations customers, money and reputation. With phishing scams not going down, organizations need to invest in preventing the damage they cause.
The State of Phishing Scams
IBM’s Cost of a Data Breach Report 2021 found that phishing remains the second most expensive initial attack vector, costing victim organizations an average of $4.65m per breach. The same report found that breaches caused by phishing took an average of 213 days to identify and a further 80 days to contain, so the full lifecycle of a phishing-initiated breach averages 293 days.
Various factors contribute to the rising number of phishing attacks, such as using work devices for personal activity and gaps in security knowledge that only sustained, behaviour-focused security training can close. According to a report by Hoxhunt, proper cybersecurity training raises phishing reporting rates by 70%.
Employees are often the weakest link in an organization’s defence against phishing. They frequently fail to recognize malicious messages, handing attackers an easy way in and putting the business at risk.
Proofpoint’s 2022 State of the Phish report reveals that 92% of Australian organizations experienced a successful phishing attack in 2021, a 53% increase over the previous year.
Thousands of new phishing websites go live daily, and most of them are hosted on compromised domains. Because the domain itself has a legitimate history, such sites can pass a domain-reputation check and keep serving malicious pages that put users’ privacy at risk. SlashNext Threat Labs has found that nearly 90% of phishing URLs are hosted on compromised domains or on legitimate cloud services such as AWS, GoDaddy and SharePoint. Domain reputation on its own is therefore a weak signal: the full URL, the page content and any mismatch between the brand a message claims and the domain actually hosting the link matter more.
How Phishing Scams Have Evolved
Phishing attacks have progressed from broad automated campaigns to surgical targeting of individual people. Attackers now craft more engaging subject lines and send mail that appears to come from familiar names and companies. They also rely on spear phishing and other deceptive techniques that yield a high return from a small set of victims.
Cofense’s Q1 2022 Phishing Intelligence Trends Review highlighted the strategies behind the quarter’s rise in phishing emails, including:
- Cryptocurrency donation scams were popular following Russia’s invasion of Ukraine. Attackers set up fake donation campaigns to harvest personal data and cryptocurrency from victims, using subject lines such as “Ukraine Donations” or “Save Ukraine Children” to create a sense of urgency.
- Malicious file attachments remained a popular way to deliver phishing payloads in Q1 2022.
- The Emotet botnet drove a further increase, targeting US taxpayers in Q1 2022. In one campaign, the threat actor used lures built around the IRS’s W-9 form to infect victims’ devices.
Threat actors also use social media platforms to create clone accounts of well-known companies and lure people into clicking links they believe are legitimate. Anyone, including a complete stranger, can message an employee on a social platform with a link.
Mitigate the Threats of Phishing Attacks
Clearly, phishing attacks are not going away soon. However, companies can take several measures to reduce the chance of falling victim:
- Change passwords promptly whenever they may have been exposed, and enable multi-factor authentication on all email accounts.
- Don’t feel obliged to respond to every email you receive. Restrict access to sensitive data to the few people who need it for their work (least privilege), so that a single compromised account exposes as little as possible.
- Train your workforce to recognise phishing threats and to identify malicious messages.
- Double-check any email you suspect is spam or that asks for your login credentials; legitimate services do not request passwords by email.
- Don’t ignore the small details, such as the sender’s address and domain rather than just the logo, which is trivially copied. Check these to establish whether the email is authentic.
- Treat an email that makes urgent requests as a likely phishing scam. Take your time and think before you click a link or download anything; analyze the email rather than taking the urgency at face value.
- Phishers now use pop-up windows in online scams. Never enter your details in a pop-up screen.
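The checks in the list above, together with the earlier point that phishing pages sit on compromised domains and shared cloud hosting that pass a reputation test, can be turned into a first-pass triage script. The code below is an added example written for this article, not the article’s own code nor any vendor’s product: it parses a raw message with Python’s standard `email` package and scores the signals discussed (display name claiming a brand the sender domain does not belong to, a Reply-To pointing elsewhere, the receiving MTA’s SPF/DKIM/DMARC verdict, urgency and credential-request wording, link text that disagrees with the link target, bare-IP links, brand mail linking into shared cloud hosting, and risky attachment types). The brand allow-list, the wordlists, the cloud-host list and the two sample messages are all constructed for the demo; the domain-reputation point is illustrated by the `s3.amazonaws.com` link, which no reputation feed would block.

```python
"""Heuristic phishing triage over a raw RFC 5322 message (added illustration, not a product).
Brand allow-list, wordlists and the two sample messages below are constructed for the demo."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allow-list of impersonated brands and the domains they really send from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com", "outlook.com"}, "paypal": {"paypal.com"}}
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "action required", "account suspended", "final notice")
CREDENTIAL_WORDS = ("verify your password", "confirm your login", "sign in to verify", "update your credentials")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".lnk", ".iso", ".html", ".docm", ".xlsm")
# Legitimate hosting that phishing pages share with real content, so domain reputation alone lets it through.
SHARED_CLOUD_HOSTS = ("amazonaws.com", "sharepoint.com", "godaddysites.com", "web.core.windows.net")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_LABEL_RE = re.compile(r"^(https?://|www\.)\S+$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def host_of(url: str) -> str:
    """Hostname of a URL; a bare 'www.x.y' label gets a scheme so urlparse sees a netloc."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def reg_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores public suffixes such as co.uk)."""
    parts = host.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage(raw: str) -> dict:
    """Score one message and return {'verdict': ..., 'indicators': [...]}."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = reg_domain(from_addr.rsplit("@", 1)[-1].lower())
    claimed = [b for b in BRAND_DOMAINS if b in from_name.lower()]
    for brand in claimed:  # display name says "Microsoft" but the mail comes from an unrelated domain
        if from_dom not in BRAND_DOMAINS[brand]:
            findings.append(f"display name claims {brand} but sender domain is {from_dom}")
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and reg_domain(reply_addr.rsplit("@", 1)[-1].lower()) != from_dom:
        findings.append(f"Reply-To domain differs from From domain ({reply_addr})")
    auth = str(msg.get("Authentication-Results", "")).lower()  # verdict stamped by the receiving MTA
    findings += [f"{m} failed at receiving MTA" for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    visible = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", content)).lower()  # text the user actually sees
    haystack = str(msg.get("Subject", "")).lower() + " " + visible
    findings += [f"urgency language: {w!r}" for w in URGENCY_WORDS if w in haystack]
    findings += [f"credential request: {w!r}" for w in CREDENTIAL_WORDS if w in haystack]
    for href, label in ANCHOR_RE.findall(content):
        href_host = host_of(href)
        label = re.sub(r"<[^>]+>", "", label).strip()
        if URL_LABEL_RE.match(label) and reg_domain(host_of(label)) != reg_domain(href_host):
            findings.append(f"link text shows {host_of(label)} but points to {href_host}")
        if IPV4_RE.match(href_host):
            findings.append(f"link to bare IP address {href_host}")
        if claimed and any(href_host == h or href_host.endswith("." + h) for h in SHARED_CLOUD_HOSTS):
            findings.append(f"brand mail links to shared cloud hosting {href_host}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
    verdict = "likely phishing" if len(findings) >= 3 else "suspicious" if findings else "clean"
    return {"verdict": verdict, "indicators": findings}


# Constructed samples: a brand-impersonation lure with a macro attachment, and an ordinary internal mail.
SAMPLE_PHISH = """\
From: "Microsoft 365 Support" <it-helpdesk@mail-notify-center.com>
Reply-To: recovery@outlook-secure-login.net
Subject: ACTION REQUIRED: your account will be suspended within 24 hours
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-notify-center.com; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please <a href="https://s3.amazonaws.com/m365-verify/login.html">sign in to verify</a>
your password at <a href="http://198.51.100.7/login">https://login.microsoftonline.com</a>.</p></body></html>
--b1
Content-Type: application/octet-stream; name="Invoice.xlsm"
Content-Disposition: attachment; filename="Invoice.xlsm"

AAAA
--b1--
"""
SAMPLE_LEGIT = """\
From: Bob <bob@example.org>
Subject: Lunch on Thursday?
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Want to grab lunch Thursday? Menu is at https://cafe.example.org/menu
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_LEGIT):
        result = triage(sample)
        print(result["verdict"], *("\n  - " + i for i in result["indicators"]))
```

Run as a script it prints the verdict and the list of indicators for each sample. The scoring is deliberately simple (every indicator weighs one point and three points mean “likely phishing”); in practice you would tune weights, read the `Authentication-Results` header only when your own MTA stamped it (an attacker can forge one on an inbound message), and feed the result into a reporting button or a quarantine rule rather than treating it as a final answer. A secure email gateway and DMARC enforcement remain the primary controls; this script shows what the human checks in the list look like when automated.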
The Bottom Line
Undoubtedly, online phishing scams are increasing and causing significant losses to individuals and businesses. In a changing security landscape, the best defence is to adopt a strong anti-phishing strategy and follow it consistently. The practices above are among the most effective ways to avoid phishing scams; follow them and stay secure.