
You’re Not Imagining It: Phishing Attacks Are Rampant

Does it feel like your inbox is constantly bombarded by phishing scams? You’re not imagining it; phishing emails saw a dramatic uptick in the first half of 2024, a trend expected to be matched in the second half of the year.

Phishing Emails Are Laying Siege to Your Inbox

A report from security research firm Egress found a massive 28 percent increase in phishing emails between April 1st and June 30th, 2024, compared to January 1st and March 31st, with millennials being the most targeted demographic.

The constant rise in phishing emails is likely not a surprise to you, even considering seasonal phishing trends that attempt to use specific events to trick us. But what might be more of a surprise is that in some phishing campaigns, a malicious attachment is no longer the preferred method of catching you out.

Egress found that the number of phishing emails using a malicious attachment dropped by around 30 percent from 2021 to 2024 while phishing hyperlinks grew to become the most popular phishing method. The research puts this change down to a few key changes in security practices, but in short, most folks know about malicious attachments, and organizations have gone to great lengths to block them, whereas it’s easier to mask a malicious hyperlink and slip it past malware and phishing detection tools.

Impersonation Phishing Scams Are Also Rampant

My inbox receives its fair share of faceless, nameless phishing attempts, but there are also slightly better-quality impersonation phishing attempts. Egress calls these impersonation phishing attacks “commodity” attacks, but it’s just a new name for the same threat: “mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale.”

Between January 1st and August 31st, 2024, over a quarter of phishing emails impersonated brands, with a further 16 percent attempting to impersonate the recipient’s company (as part of spear phishing campaigns). As you might expect, the most impersonated brands are the biggest in the world, with Adobe, Microsoft, DHL, and others topping the lists.

But scammers are taking impersonation phishing to the next level, too. Instead of firing out millions of emails and hoping for a hit, some use multi-channel attacks to create a stronger illusion. In one example, Egress found scammers sending a phishing email impersonating Evri (a UK courier service), then following up the email with a malicious SMS (known as a smishing attack). The combination of messaging from a single source using related terms, tracking numbers, and so on is much harder to ignore than a random phishing email or SMS.

How to Spot Phishing Emails and Keep Your Inbox Safe

Egress’ findings are backed up by separate research from Abnormal Security, whose H2 2024 Email Threat Report saw a bonkers 350 percent increase in phishing attacks from 2023 to 2024.

And with the majority of these phishing scams attempting to exploit legitimate domains and email services and impersonate global businesses, it’s important to take a moment to familiarize yourself with how to spot a phishing email.

  • Unofficial Email Addresses That Look Legitimate: Phishers often use email addresses that closely resemble those of reputable organizations. For example, they might use “support@yourbank-secure.com” instead of the official “support@yourbank.com.” Always verify the sender’s address carefully.
  • Generic Greetings and Lack of Personalization: Legitimate companies usually address you by name. Phishing emails often use generic salutations like “Dear Customer,” indicating they don’t have your personal details.
  • Urgent or Threatening Language: Scammers create a sense of urgency to prompt immediate action, such as claiming your account will be suspended unless you verify the information. Be cautious of emails pressuring you to act quickly.
  • Suspicious Links or Attachments: Phishing emails may contain links that appear legitimate but direct you to fraudulent websites. Hover over links to see the actual URL before clicking, and avoid downloading unexpected attachments.
  • Poor Grammar and Spelling Errors: Many phishing emails contain noticeable grammatical mistakes or awkward phrasing, which can be a red flag. Professional organizations typically proofread their communications.
  • Unsolicited Attachments: Be wary of unexpected email attachments, especially if they prompt you to enable macros or contain executable files, as they may install malware on your device.
  • Mismatched URLs: Ensure that the URL in the email matches the legitimate website’s address. Phishers often use URLs with slight misspellings or additional words to deceive users.

With these tips, you’ll spot heaps more phishing emails and boost your security.

If you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from MakeUseOf.com SOURCE