In 2020, at least 75% of companies around the world were targeted by a phishing attack. Phishing attacks remain one of the biggest and most common dangers to your business because it’s the main gateway for all types of cyberattacks.
One phishing email can lead to a company-wide ransomware attack causing downtime. It can also lead an employee to unknowingly disclose his credentials to a company email account that later will be used by hackers to target other employees and even customers.
Although some phishing emails use very sophisticated tactics to fool the recipient, most phishing attacks simply take advantage of human error.
According to Security Magazine, mobile phishing threats skyrocketed by 161% in 2021.
If you are wondering what you can do to protect your business from phishing attacks consider doing some or better all of the following:
To properly train your employees and ensure your IT security is being upgraded to meet the newest threats you better partner with a professional IT service provider.
Here are some of the latest phishing trends we’ve noticed in Q1 2022.
More people are suspicious of unwanted and unexpected emails than text messages. Most phishing awareness training courses focused on email phishing because it has been the most prevalent.
But cybercriminals are taking advantage of this. The availability and less professional attitude towards messenger apps make them better targets for phishing attacks.
People are receiving more text messages now than they did ever before, due in large part to shops and service businesses sending their text updates, promotional materials, and delivery notices this way.
This makes it even easier for phishing via SMS to get a victim to click on a shortened URL.
Ransomware has been a growing threat over the last few years largely because of its ROI for the cybercriminal groups, it’s relatively simple to do and it pays very well. A newer type of cyber attack called business email compromise (BEC) is on the rise and being exploited by attackers to make money off things like gift card scams and fake wire transfer requests.
What makes BEC so dangerous is that when a criminal gains access to a business email account, they can contact other employees, customers, and vendors of that company with extremely convincing emails. The recipients have more trust in the familiar email addresses, making these emails a potent weapon.
This may sound counter-intuitive for some, but it’s true. There is no such thing as being too small to be attacked, even worse, being small increases the chance of getting attacked. Small businesses are targeted more frequently because they have less IT security than larger companies.
43% of all data breaches happen to small companies, and 40% of small businesses that became a victim of an attack experience at least eight hours of downtime as a result. Also, small businesses are getting targeted more by a more dangerous variant of phishing attacks called spear-phishing. Spear phishing is more dangerous because it’s targeted and not generic.
It used to be that spear-phishing was used for larger companies because it takes more time to set up such an attack. However, as state-sponsored hackers and large cybercriminal gangs get better at their attacks, they’re able to more easily target businesses of any size.
The fact that large criminal groups are continually optimizing their attacks to make them more effective, is scary. They treat cyberattacks like a business and work on making them more profitable all the time.
One way to make it more profitable is by using an outside specialist called Initial Access Brokers. This is a specific type of hacker that focuses on one thing only – getting the initial breach into a network.
The increasing use of these experts makes phishing attacks quicker and bigger at scale, leaving organizations fewer chances to quickly recover from a cyberattack.
With time, many users got better at handling emails from unknown senders, thus business impersonation in phishing attacks became more prevalent. This is where a phishing email copies a look of a legitimate email from a company that the user knows or even does business with.
Amazon is a common target of business impersonation due to its size and recognizability, but it also happens with smaller companies as well. For example, there have been instances where hosting companies have had their client lists leaked resulting in clients receiving phishing emails from hackers impersonating the hosting company. They asked users to log in to an account to fix an “urgent problem” and provided them with a phishing link that would copy their login credentials.
It’s important to use a multi-layered strategy when it comes to defending against one of the biggest dangers in the contemporary business world. Get started with a cybersecurity audit. Schedule a quick 10-15-minute call with us and get a better understanding of your cybersecurity and how it can be improved.
EB Solutions is a leading provider of IT solutions and services in Toronto and the Greater Toronto Area. We provide a wide range of IT solutions, including but not limited to: cybersecurity, VoIP, business continuity and disaster recovery, and managed IT support for small and medium-sized businesses.