Phishing Attacks Are Evolving and so Should Your Defense

What does the internet have in common with the light bulb and the printing press? It’s one of the greatest inventions in human history! The internet has changed our lives in so many ways. We use it to communicate, to watch way more cat videos than we admittedly should and, now more than ever, to work from home. It’s also a great place to learn, as we’ll be doing today as we explore phishing attacks (see, we did have a point!).

As good as the internet has been to us, it’s far from perfect. For as long as email has been in our lives, so too has phishing, lingering like those in-laws that have stuck around just a little too long. While the internet has evolved, so too have phishing scams. This makes staying one step ahead more challenging — but by no means impossible. Together, we’ll explore phishing attacks, how they’re evolving, and what you can do to fight phishing. Let’s go!

Phishing attacks: some things never change

The aim of phishing hasn’t changed. It’s designed to steal your precious data by tricking you into giving up valuable information, be it a bank account number, password, or social security number. With such data, a phisher can potentially steal your funds or even your identity. Yes, we all know it. Phishing is bad. Very bad.

According to Verizon’s 2020 Data Breach Investigations Report (DBIR), 96% of phishing attacks arrive by email while just 3% are via malicious websites and 1% by phone. Phishing scams usually appear to be from a trusted organization such as a bank, government department, or university. Often urgent in nature, phishing emails contain a malicious link or attachment under the pretence that you need to interact with it to complete an action (like update your password).

The very first phishing attack is a tale as old as time (okay, we exaggerate; 1995 to be specific). Hackers posed as AOL employees and used email to steal the passwords of users and hijack their accounts. Ever since, cybercriminals have sent out generic phishing emails to the masses in the hope that statistically something will hit. You know, a bit like throwing flaming darts while blindfolded (we don’t recommend this).

However, as that famous song goes, “the times they are a-changin”. While some people still fall for some very poor quality phishing scams, many have grown wise to them. In an attempt to be more convincing, phishing attacks have started to make use of social media as well as the dark web for spear phishing. This new-and-improved version is basically mass phishing’s more sophisticated sibling.

Wait! What’s spear phishing?

What is spear phishing you ask? It’s as dangerous as it sounds! Spear phishing is a more personalized phishing attempt which targets a specific individual or group. This could mean you or your business. While mass phishing is still very much alive and kicking, there’s been a notable rise in targeted, low volume phishing attempts.

Those looking to carry out spear phishing attacks can glean all kinds of data from social media pages. Consider a person’s Facebook page may include their name, date of birth, place of work, relationship status and more. Recent posts and photos provide even greater insight into that person’s life. The more information possessed by those looking to carry out a phishing attack, the more convincing the attack can be.

Aside from social media, there’s a vast quantity of information on the dark web, much of which comes from prolific data leaks suffered by high-profile companies in recent years. The likes of eBay, Facebook, Microsoft, and Yahoo have all suffered data breaches, all of which have seen millions of records exposed (including banking details in some cases).

The rise of COVID-19 phishing

Okay, so we’ve established that phishing scams are bad and that spear phishing is even worse. The threat of phishing isn’t retreating any time soon. The FBI’s 2020 Internet Crime Report states that the most reported crime by victims in 2020 was phishing. Indeed, Google reported a record 2.1 million phishing sites in 2020, up 25% from 2019.

The COVID-19 pandemic has proven to be a golden opportunity for email phishers. The IRS has issued a warning about these COVID-19 phishing attacks, of which there has been a significant rise in the past year. Many of these phishing emails, texts, and calls contain false promises of early vaccination. Here’s a particularly juicy statistic: In 2020, Google detected 18 million phishing emails per day related to COVID-19.

How can my business avoid phishing scams?

If anything, the rise of coronavirus phishing shows that hackers are looking to exploit the human in us. At Ignition, we’re not cold, calculating robots devoid of sentiment. We get it. Sometimes people just make mistakes and fall victim to phishing scams. The good news (at last!) is that there are some things you can do to reduce the chances of this happening:

• Look for obvious typos, grammatical mistakes, or strange-looking addresses
• Think twice before clicking links, downloading files, or opening attachments
• Use a password manager to generate strong passwords for different accounts
• Check for the padlock icon in the address bar to verify a website can be trusted
• Try to limit the amount of personal information you publish online

While anyone can do the above, the sophisticated nature of some phishing attacks means it’s difficult to stay on top of them without investing a great deal of time, particularly when you’re trying to run a business.

Ignition lets you do what you do best

At Ignition, we take security seriously and offer 8 different phishing defense tools to provide you with peace of mind:

Ignition’s 8 phishing defense tools

1. SPF and DKIM email authentication
2. Third-party filters
3. Quarterly phishing simulations
4. 2-factor authentication
5. DNS filtering
6. AI-based anti-malware
7. Data loss prevention
8. Cloud SSO with MFA

Phishing scams are a go-to for cybercriminals because they’re cheap, easy to do, and clearly work often enough. Staying one step ahead is a big job in itself. So why not have a chat with us about how you can improve the cybersecurity of your business and prevent phishing attacks? That way, you’ll have more time to focus on what you do your best: running your business. Oh, and you might just sleep a little easier at night as well!