Phishing is a cybercrime in which the targets are contacted via email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords. No matter how much it is discussed and all the warnings about it, phishing is continuously blooming.
In 2020 the reported incidents where users got tricked into revealing sensitive information, nearly doubled. As a result, the phishing hacking method prevails and gets more progressive and sophisticated. We advised with our colleagues from CyberOne’s Security Operations Center (SOC) on details about the most frequent types of phishing, as well as the new tendencies, and, correspondingly, the prevention approaches you and your team members can adopt.
Phishing is not a new practice and it has been exercised for more than 20 years. However, it has been developed and adapted to current agendas. An example of themed cyber attacks that use пресент circumstances against innocent people is the pandemic scams for stealing personal data or money. Despite the slight variations, the main tone is always trying to look and sound as credible as possible.
The Most Common Types Of Phishing
- Email phishing – Sending a message that appears as coming from a well-known organization, asking for your personal information, such as credit card number, social security number, account number, or password.
- Vishing – It happens by phone. It is described as using this particular channel in an attempt to deceive the users into surrendering private information that will be used for identity theft.
- Whaling – Hackers introduce themselves as representatives of a large organization and try stealing a certain company’s money or sensitive information, or gaining access to its computer systems for criminal purposes.
- Smishing – Tricking the victims into giving their private information via a text or SMS message.
- Spear Phishing – The fraudulent sending of emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
What Is New?
The latest trend in phishing is utilizing real widely known services for sliding in harmful content. For instance, hackers use Google Forms and Telegram bots for managing their attacks. According to a study of the cyber intelligence company Group-IB, cybercriminals mostly target online services for viewing documents, online shopping, and streaming, with such attacks accounting for 30.7% of malicious activity. By targeting online accounts, hackers are able to steal linked bank accounts.
The cybersecurity specialists of CyberOne also observed that cybercriminals now count on automation. The automation technique allows them to replace blocked phishing websites and therefore carry large-scale and complex phishing attacks. The new tactic makes the traditional methods of blocking phishing attacks less effective.
Thankfully, technologies for avoiding and restricting phishing attacks are also advancing. The latest filtering services inspect inbound and outbound correspondence by placing it in a virtual machine before proceeding to send it to its final destination.
Be Creative In Dealing With The Phishing Threat
Communication is so far the most functional strategy for defeating cyber attackers. Keeping quiet will not do a favor to you or your company. The best attitude to employ is actively striking back and taking measures but also accommodating an environment where your colleagues are encouraged to report incidents.
There is the stigma around the understanding that once employees click on a malicious connection, they immediately become the attackers. The reality is anyone can fail in protecting themselves. Yet, awareness and taking advantage of a combination of technology prevention tools and cyber insurance policy will provide you with a decent and comfortable security level.