View Insight Article

Be wary of these Phishing Attack vectors in 2022

75% of businesses around the world suffered a phishing attack in 2020. Phishing continues to be one of the biggest dangers to your business's health, as it is the main delivery mechanism for many types of cyber attacks.

Just the one phishing email can lead to a business succumbing to ransomware and having to face expensive and frustrating downtime. It may also lead a user to unwittingly handing over credentials to a company email account that the hacker then abuses to send targeted attacks to customers.

At Sound Networks IT Support in Wiltshire, we often see human error as the target of phishing attacks, and some of these emails use sophisticated tactics to fool the computer user into divulging sensitive information or infecting a network with malware.

161% rise in mobile phishing attacks in 2021

Some of the most effective safeguards against the ever present spectre of phishing include:

• Ongoing employee cybersecurity awareness training
• DNS filtering
• Email filtering
• Next-gen antivirus/anti-malware

Sound Networks Computer Support Services can help to train your employees and ensure your IT security is being upgraded to meet the newest threats. To do this you will need to know what new phishing threats are headed your way. Some of the latest phishing fashions that you need to be aware of in 2022 include.

If your PC or laptop meets or exceeds what's listed above, then you can safely upgrade to Windows 11, stress-free. On the other hand, you may have to make some hardware upgrades or buy a new device altogether if your current one does not meet the minimum requirements.

Smishing is on the rise

Fewer people are wary of text messages than they are of unexpected email communications. Generally phishing training is focused on the email type of phishing because it has historically been the most common form.

Cyber crime entities are now taking advantage of the easy availability of mobile phone numbers and utilising SMS to deploy phishing attacks. This type of phishing (called “smishing”) is growing.

More SMS messages are receive now than they did in the past, due in large part to retailers and service businesses pushing their text updates for sales and delivery notices – not to mention the rise in popularity of two factor authentication services.

This makes it even more convincing for phishing via SMS to fake being a shipment notice and trick a user into clicking on a shortened URL

Far greater cases of business email compromise

An increasing threat in recent years has been Ransomware, mostly because it has become a substantial money-maker for organised criminal groups that launch cyber attacks. The latest up-and-coming form of attack is becoming more and more lucrative and consequently is also growing.

Business email compromise (BEC) numbers are rising and being exploited by attackers to make money from things like voucher scams and fake wire transfer requests.

BEC is highly dangerous because (and lucrative) when a criminal gains access to a business email account, they are then able to send very convincing phishing messages to employees, customers, and suppliers to that company. The recipients will generally trust a known email address, making these emails potent tools for the cyber criminals.

Spear phishing is on the rise against SMB type businesses

No business is too small to be a target of a hacker. Small businesses are often in cyber attacks because they tend to have less network security and computer support than larger companies.

43% of all data breaches target small to mid-sized companies, and 40% of small businesses that are unlucky enough to become unwitting victims of an attack experience at least eight hours of downtime as a result.

Spear phishing is a more dangerous form of phishing as it is targeted and not generic. It's the type deployed in an attack using BEC.

Historically, spear-phishing was used against larger companies because it takes more time to set up a targeted and tailored attack. However, as large criminal groups and state-sponsored hackers make their attacks ever more efficient and complex, they're able to more easily target any type of enterprise. As a result, small businesses owners are finding receiving more tailored phishing attacks that are more difficult for their users to identify as a scam.

Third parties are being used far more regularly to increase the efficiency of attacks

We talked about the fact that large criminal groups are continually optimizing their attacks to make them more effective. They treat cyber attacks as a business and continuously work to make them more profitable.

One way they achieving this is by utilising outside specialists called Initial Access Brokers. These are a specific type of hacker who only focuses on getting the initial breach into a network or company account.

An increasing use of these experts in their field makes phishing attacks ever more dangerous and difficult for end users to detect.

Sound Networks are seeing a rise in business impersonation emails

Users have gotten savvier over time about being careful of emails from unknown senders, meaning that phishing attackers have increasingly used business impersonation. This is where a phishing email will arrive looking like a bonafide email from a company that the user may already be familiar with.

Amazon is a common target of business impersonation, but this can also be the case with smaller companies as well. There have been instances where website hosting companies have had client lists breached and those companies sent emails impersonating the hosting company, asking the users to log in to an account to fix an urgent issue.

An increase in business impersonation being used in phishing attacks means that users have to be suspicious of all emails - not just those from unknown senders.

How to make sure your business is best protected from phishing attacks?

A multi-layered strategy is essential when it comes to defending against one of the biggest dangers to your business's IT security. Ask Sound Networks IT Support in Wilsthire to help you with your cybersecurity audit. This will help you get started to review your current security position and identify ways to improve your network security.