A new year brings all sorts of possibilities and as the page turns to 2020, we’re also ushering in a whole new decade. But along with the excitement of what’s to come in technological advancements also comes new types of cyberattacks.
The basic premise of phishing itself hasn’t changed much from the early days of those emails that used to come from a “Nigerian prince” – someone is trying to trick you into doing something, either revealing personal information or click a link to download malware. But the ways in which phishing scams occur have become much more sophisticated.
Phishing occurrences are also growing. In 2018 phishing attacks grew 40.9%, and increased another 21% inQ2 of 2019.
The good news is that applications providing email and spam protection have been working to keep up with the latest phishing scams, as well as network firewalls and other security safeguards.
But to ensure you network is fully protected, it’s important to know what types of scams are out there so you can prepare your employees and have regular IT security assessments to ensure your cybersecurity solutions can keep up.
From attacks on popular cloud storage apps to the increased use of social phishing, 2020 will be another year of hackers working to steal your data however they can.
Watch Out for these Phishing Scams That are On the Rise
Phishing goes after unsuspecting users trying to bypass basic security by getting a person to click on a malicious link, give up their login credentials in a fake form, or open a dangerous attachment.
Phishing accounts for 90% of all data breaches.
Roughly 1.5 million new phishing sites are created every month. Phishing remains the most popular method of attack because it works so well. Hackers can send millions of phishing emails out easily, and with the advent of AI and automation they can more easily personalize them to gain a user’s trust.
Combatting phishing takes a multi-pronged approach that includes those on the front line of phishing attacks, your employees. Here are some of the best ways to defend against these types of cyberattacks:
- Anti-phishing/anti-spam applications
- Antivirus/anti-malware software with sandboxing capabilities
- Ongoing cybersecurity training for your employees
- Strong firewall and network protection
- Endpoint protection, such as mobile device management
We’ve researched several cybersecurity reports to bring you details on the emerging types of phishing threats that are on the rise and that you need to be prepared for in 2020.
Use of Google Services
Scammers are trying to make their links seem more legitimate by using Google’s free services, which are typically trusted.
For example, instead of using a phishing link to a malicious file that is “rxebytece.com/file” which would be cause users to think twice before clicking, they’re increasingly using something like “drive.google.com/file,” something users are more likely to trust and click on.
They’ve also been known to use Google calendar, which is widely used by companies for scheduling meetings, to send fake meeting invitations and include malicious phishing links in the invite.
Attacks on Cloud Storage
If a hacker can get you to give them your login password to the company’s OneDrive account, they’ve just hit the data jackpot. The volume of attacks targeting cloud storage rose 48% last year and remain a top danger for 2020.
Phishing scammers typically will use an email spoofing the cloud service and saying that a password change is needed. If the user follows the link, they’re presented with a login form that is a spoofed page meant to steal their cloud service login.
Tax Season Phishing Campaigns
2019, as in prior years, saw a spike in tax-themed phishing attacks coinciding with tax deadlines in various countries. The U.S. is a big target, as well as Canada and New Zealand, among others.
The tax-themed scams can come in all forms:
- Phone
- Social media
- Text message
They’ll cleverly spoof the name of a legitimate tax authority, like the Internal Revenue Service, and attempt to use fear or urgency to get victims to divulge personal or sensitive company information that can be used for identity theft.
Personalized Phishing
It’s much easier to spot a phishing email when it’s sent to “undisclosed recipients” and doesn’t include any personal information. But with the availability of company and personal data on social media and advanced automation capabilities phishing criminals can now easily personalize millions of emails down to a name, company, and title.
All a scammer has to do is pull information on LinkedIn like name and title, and they can use these details to personalize an email to the recipient using an algorithm and also spoof a manager’s email address to make employees think the email is from their boss.
SMS Phishing
With people using online banking apps and payment wallets like Apple Pay, there’s been a significant increase in SMS phishing that sends users to a legitimate looking login screen designed to steal their banking or payment app password.
Many people aren’t expecting phishing via text message and are used to getting their banking alerts by text, which makes this scam particularly dangerous. SMS phishing is also more difficult for security to track than email-based phishing, which has added to the growing popularity among hackers.
Is Your Security Strategy Prepared for New Cyber Threats?
The new year is a great time to have your security strategy reviewed to ensure your network and data are protected against new and emerging threats. Technology Visionaries can do a full security assessment to review your protective measures and make recommendations for any weak spots.
Schedule your free security assessment today! Call 732-587-5960 or contact us online.