Keeping up with trends when it comes to pop culture or fashion is challenging in itself. When it comes to cybercrime, you’ll likely never be ahead of the hackers! Their ability to adapt their tactics and tailor them to be more effective is truly impressive and scary. Their attacks are constantly changing – and nearly impossible to keep up with.
Recently, Barracuda released a report that reviewed data spanning from May 2020 through June 2021 which analyzed over 12 million email attacks at approximately 17,000 organizations. They found these phishing attacks are increasing in complexity. The old tactic of fighting them off with rules, blocked lists, or outdated policies are no longer working. There was once a time where one hacker would hit many users at once. This practice is being refined to more sophisticated criminal organizations which target with sometimes a single email.
How are they doing it? It’s hard to know, and to keep up! The best way to protect yourself is to stay as up to date with trends, training, and best-practices. As well as build up a multi-layered approach in building a proactive solution against these organizations.
Here are some of the most common tactics as of late:
Brand Impersonation
Brand identification is a major goal of every business. You see the logo and know what business it is before you even read a word. The point of this is to establish trust. Scammers know this, and know how to take that trust and use it to manipulate innocent people. They do so by impersonating popular brands so that users act without hesitation. Microsoft is one of the top three brands that are used in these phishing emails, along with WeTransfer and DHL. Currently, 43% of the phishing impersonation attacks are impersonating Microsoft, as most of those products are tied to logins. This allows gained access to a user’s account. This login info is a doorway into other files and folders within a business. Once they are in, ransomware and other malicious activity is just a click away.
Spear Phishing
Most people by now have probably heard of phishing emails, but spear-phishing is a little different. These emails are a more targeted attack method. Hackers will research the intended victim(s), their workplace, and even their social sites to create a curated email inquiry or request. This will be much harder to decipher from a more common spam message or attack. Ensure that you are creating awareness about this specific type of attack in addition to the general awareness of phishing. Combined, this builds up that multi-layered approach that we recommend.
Business Email Compromise
A business email compromise scam, or BEC scam, essentially combines the trust built from within a business with a fraudulent request and puts it into an email to the targeted recipient. This email will usually include a request to send or transfer funds, to purchase gift cards, or to send donation money to a bogus charity. These are often sent as an impersonation of an executive or high-level individual at the company. This way the targeted victim would be less likely to question the request.
Hopefully by staying aware of the different tactics of cyber criminals will keep you and your business safe. We would recommend having an IT company or team that can stay up on the cyber trends and will make you aware of any new risks. The above are just a few of the many. Above all, training and strengthening the human workforce is the best way to mitigate the risk of cybercrime.
To get an idea of where your business stands in terms of you current cyber protection, get a free assessment here. To get started with a trusted, experienced IT team, give us a call at 508-790-4171 or email us at hello@imediatech.com.