New Dirty Tricks and the Latest Insights on Phishing

When it comes to cybersecurity, phishing is one of the oldest tricks in the book. But it is still incredibly hard to defend against. The reason? Cyber criminals are getting craftier.

Phishing is the term used to describe when a scam artist sends an official-looking email (or text message) to try to get the recipient to reveal person information such as user names, passwords, account numbers, or other personally identifiable information. The email encourages the recipient to respond to the email or click a link provided in the message and “login” to a site such as a bank account, agency, or store.

A recent report from Sophos, based on an independent survey of 5,400 IT professionals around the globe, finds 70% of respondents say the number of phishing emails increased in 2021. Phishing has evolved, and these days phishing emails often lead to ransomware, crypto jacking, or data theft.

New Dirty Tricks

One way phishing has evolved is through the use of SMS – or text messages – to lure victims. Because it is a less-than conventional way to trick a person, it often catches people off guard.

The messages are getting through and they are not including links or attachments. Instead you get messaging telling you have subscribed to a streaming service, and to call now or you will automatically be charged.

Victims, worried about losing money, call the number provided and unknowingly end up conversing with a criminal. These guys talk you into downloading a macro. They are super helpful about it and sound very believable. It’s the latest twist of phishing. Using that social trust to get you to download malware onto your device.

Social media is also a favorite method used by criminals to deceive their victims, as it makes their work very simple. With over 1.3 billion people logging on to their favorite social media accounts every month, and the trust that many have in the wider community of users, social media phishing represents a rich source of income for fraudsters.

Like fraudulent emails and texts, social media phishing plays on your basic human emotions and needs, such as trust, safety, fear of losing money, getting something for nothing, eagerness to find a bargain or desire to find love or popularity/status. They also generally state or imply the need for your urgent action to either avoid an issue or take advantage of an offer.

Phishing attacks are harder to spot on smartphones

Tailoring phishing emails towards mobile devices can make them more difficult to spot because the smaller screen provides fewer opportunities to double check that links in messages are legitimate, while smartphones and tablets might not be secured as comprehensively as laptops and desktop PCs, providing attackers with a useful means of attempting to steal valuable information from the victims.

By launching phishing attacks that mimic the context that the recipient expects, attackers are able to direct a user to a fake webpage that mimics a familiar application login page. Without thinking, the user provides credentials and data can be stolen.

It's likely that cyber criminals will continue to target mobile devices, so researchers emphasise the importance of smartphones and tablets being part of the overall cybersecurity strategy, by ensuring that the operating systems they run on are up to date and that they're using software to help protect against phishing, malware and other cyberattacks.

Staying protected requires a mix of both awareness and tools that can identify phishing imposters and attacks. Many of today’s solutions utilize advanced machine learning and real-time scanning for key phishing indicators to keep malicious messages out of inboxes.

To learn more about phishing defense, visit RedFox Security website