According to various reports on phishing trends, it continues to rise at an alarming rate. Read on to know more about it…
Phishing attacks are cited as a major security risk by more than 50 percent of IT decision-makers. Phishing threats can impact end users due to flaws in security policies, processes and infrastructure along with ineffectual trainings to instill cyber security awareness in employees.
The phishing threats have been addressed by organizations for a very long period. However, it requires InfoSec and business leaders to focus and target their efforts in order to reduce risk of phishing threat.
Phishing Trends
The following are some of the phishing trends that organizations should be aware
Vishing: Voice Phishing or Vishing is something that several end users may not be aware that it could trigger an cyberattack. In a VoIP phishing call, the person on the other end often poses as an official from an reputable company or a bank. After that, they instruct that the respondent visit a website. The attacker then launches a cyberattack using the data entered on the website. Imposters (callers who pose as someone else), debt relief scams, and charity scams are examples of common vishing scams.
According to Proofpoint’s State of the Phish report, vishing attacks were launched against 69 percent of the organizations. That represents a 54 percent increase from 2020. The X-Force index discovered that vishing attacks were three times more effective than a traditional phishing campaign, which is very alarming. Using cybersecurity applications to thwart the attack is difficult because vishing attacks starts with the phone.
Spear Phishing: It’s extremely likely that if you receive an email from a bank that you have never used before, you will immediately recognize it as a phishing email and click the trash button. However, you are considerably more likely to fall for the fraud if you receive an email from your own bank. The first kind of attack was a broad phishing attack, which is where the difference lies. The second is a type of attack known as spear phishing that targets specific individuals.
According to a FireEye report from 2021, recipients of spear phishing emails were 10 times more likely to click on the link than recipients of phishing emails in general. The increase of spear phishing is not surprising. According to research by Proofpoint, spear phishing attacks were successful against 79 percent of organizations. This represents an increase from 2020 of 66 percent, which is highly alarming.
Smishing: Threat actors targeting a person via SMS texting, is known as smishing. The fact that many people do not have cybersecurity software on their phones is one of the factors that makes this kind of attack even more effective. Since people are unaware of smishing, they might therefore be more vulnerable to being targeted by SMS than via email.
Smishing attacks were experienced by 74 percent of organizations in 2021, an increase of 13 percent from 2020, according to research by Proofpoint.
Social Media based Phishing Attacks: Social media is becoming a more popular target for phishing attacks by attackers. According to research by Proofpoint, social media based phishing attacks targeted 74 percent of organizations. That represents a 13 percent increase from 2020. Many people are wary of blatant phishing attacks on social media, such when a stranger sends you a link through a private message on a platform. Others, though, are more difficult to detect. Attackers frequently hijack accounts before using phishing to attack their friends. Quizzes on social media that ask users to provide information that would later be used to create social engineering accounts are among other scams. Threat actors can trick consumers into clicking on malicious links by cloning accounts they seem to be from legitimate companies.
Concluding Words
Threat actors are becoming more vicious and phishing emails are more common than ever. There are various methods for preventing phishing and organizations should take more proactive measures to minimize phishing and lower associated costs.
Your organization can build on existing strategies to create a more secure and phishing-free environment, by educating employees about social media phishing, implementing stronger endpoint solutions that can detect malicious behavior across device types, reducing text-message phishing, or developing and deploying a new zero-trust strategy. What else can your organization do to minimize the threat of phishing attacks?