The Evolution of Phishing
Phishing is a kind of attack in which cyber criminals pretend to be a trustworthy organisation or person. Fraudsters typically pose as someone familiar to the target, such as a boss or colleague, and ask the target to carry out a task that requires providing sensitive information, like passwords, usernames, or bank details. The attackers aim to gain access to this confidential data and use it for malicious purposes.
Cybercriminals have been trying to trick people through emails and messaging since the 90s. Initially, the messages were easily recognisable due to poor grammar, spelling errors, and links to suspicious websites. Over time, however, attackers have become more sophisticated and craftier with their subject lines and sender names. It can be very difficult to tell whether a message is legitimate, because the site you reach when you click the link may look like a legitimate website.
Unfortunately, the situation with cyberattacks has not improved in 2022 and has actually gotten worse. Cyberattacks have become more sophisticated, making them even harder to detect. It is expected that this trend will continue in 2023.
Using Trusted Services
Cybercriminals use services that people already trust, such as Google, Microsoft, and Amazon, to host phishing attempts. Recently, Office 365 users were tricked into downloading an OAuth app called Upgrade, which allowed attackers to perform malicious activities such as creating inbox rules, reading and sending emails, and accessing contacts and calendars.
OAuth itself is a legitimate standard, supported by Google, that allows websites and services to access third-party account information. Because trusted providers support it, people may not have been suspicious when they downloaded this app.
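For defenders, the permissions listed above translate into a review of the OAuth consent grants in a tenant. The following is an added example, not code from the original article: the grant records are constructed, the scopes given to the Upgrade app are assumed to match the capabilities described above, and the fields app_name and publisher_verified are hypothetical simplifications of what a directory export would contain.

```python
# Constructed sample grants, loosely shaped like Microsoft Graph
# oauth2PermissionGrant records ("scope" is a space-separated string).
# app_name and publisher_verified are hypothetical, simplified fields.
SAMPLE_GRANTS = [
    {"app_name": "Upgrade", "publisher_verified": False, "consentType": "Principal",
     "scope": "openid offline_access Mail.ReadWrite Mail.Send "
              "MailboxSettings.ReadWrite Contacts.Read Calendars.Read"},
    {"app_name": "Room Booking (constructed)", "publisher_verified": True,
     "consentType": "AllPrincipals", "scope": "User.Read Calendars.Read"},
    {"app_name": "Sign-in Helper (constructed)", "publisher_verified": False,
     "consentType": "Principal", "scope": "openid profile User.Read"},
]

# Delegated Graph scopes mapped to the capabilities the article lists.
CAPABILITY_BY_SCOPE = {
    "Mail.Read": "read email", "Mail.ReadWrite": "read email",
    "Mail.Send": "send email",
    "MailboxSettings.ReadWrite": "create inbox rules",
    "Contacts.Read": "access contacts", "Contacts.ReadWrite": "access contacts",
    "Calendars.Read": "access calendars", "Calendars.ReadWrite": "access calendars",
}
MAILBOX_CONTROL = {"read email", "send email", "create inbox rules"}


def review_grant(grant):
    """Classify one consent grant as 'high', 'review' or 'ok' with reasons."""
    scopes = set(grant.get("scope", "").split())
    caps = sorted({CAPABILITY_BY_SCOPE[s] for s in scopes if s in CAPABILITY_BY_SCOPE})
    unverified_mailbox = bool(MAILBOX_CONTROL & set(caps)) and not grant.get(
        "publisher_verified", False)
    reasons = []
    if unverified_mailbox:
        reasons.append("unverified publisher holds mailbox permissions")
    if caps and "offline_access" in scopes:
        reasons.append("offline_access keeps access alive without the user present")
    if caps and grant.get("consentType") == "AllPrincipals":
        reasons.append("tenant-wide consent covers every user")
    severity = "high" if unverified_mailbox else "review" if caps else "ok"
    return {"app": grant["app_name"], "severity": severity,
            "capabilities": caps, "reasons": reasons}


def high_risk_apps(grants):
    """Names of apps whose grants should be revoked or investigated first."""
    return [r["app"] for r in map(review_grant, grants) if r["severity"] == "high"]


if __name__ == "__main__":
    for result in map(review_grant, SAMPLE_GRANTS):
        print(result)
```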
Playing off Current Events
Cybercriminals may use current events to trick people into giving away their personal information. For example, in the wake of Twitter’s announcement that verification will now require payment, a fraudulent email was sent out to users. This email contained typos and other suspicious wording, warning them to pay a monthly fee or fill out a form to confirm their information. The criminals hoped to exploit people’s fear of losing their verification status. Thus, they were able to persuade some to simply verify their account without reading the email thoroughly.
Moving to Mobile
In 2022, there has been a sharp rise in phishing scams, especially those targeting mobile phones and applications. The most common way these scams work is through impersonation attempts. A cybercriminal will create a fake account on social media platforms like LinkedIn, Twitter, or Instagram and pretend to be a co-worker or a manager. Then they take a brute-force approach, such as sending malicious links to multiple people within an organisation.
If even one person clicks on this link, the criminal can gain access to their account and use it to send out messages to other employees. Although many people are wary of suspicious messages, they can be easily fooled if the message appears to come from someone they know and trust. This is especially dangerous when users use the same passwords for their work and personal accounts, as criminals can then access work applications.
Phishing attacks are on the rise and are becoming increasingly sophisticated. In 2023, organisations and individuals need to be aware of these phishing trends. By staying informed of these trends and implementing the best practices to protect against them, organisations and individuals can protect themselves from the devastating effects of phishing attacks.
A leading digital brand protection company, FraudWatch has been protecting client brands worldwide since 2003. We are leaders in online brand protection from phishing, malware, social media, and mobile apps impersonation. If you need brand protection for your company, get in touch with us! We guarantee security for your business.