Our reliance on the internet is growing daily. In 2018 alone, Americans used an average of 3,138,420 GB of data per minute. There’s no question that the internet has become an indispensable tool for people and businesses. It’s convenient to use and it provides you with a wide range of data.
On the downside, though, the internet has also made it easy for cybercriminals to ply their trade. Americans use a lot of data, and they’re also subjected to 84% of phishing attacks globally.
Cybercriminals use many attack vectors to get to our personal data. Of all the attack vectors, phishing might be the most harmful because it can be hard to spot.
In the first half of 2019, 182,465 phishing sites were discovered. To make matters worse, phishing attacks are becoming more sophisticated. Forget poorly-worded emails and outrageous claims; modern phishers adopt a stealthier approach.
In this post, we’ll take a look at some phishing trends to watch out for in 2020.
Phishing kits
Phishing kits have been around for a while now. The problem going forward is how sophisticated these kits are becoming. You don’t even need to have experience to become a phisher anymore. Buy one of these readymade kits, and it walks you through the process step by step.
These kits cost, at most, $300, but there are also free versions out there. A decent phisher could make that back in one scam.
Phishing-as-a-Service
Our legitimate tools have darker cousins. Phishing-as-a-Service (PaaS) is the criminal world’s answer to Software as a Service. For a monthly fee, the would-be phisher can subscribe to a service that does all the work.
There’s hardly any work involved for the subscriber, and the sites being promoted look completely legitimate.
Business Email Compromise (BEC)
Also known as spear-phishing, these attacks are well-planned and coordinated. Instead of attacking just anyone, the phisher will research their target company. They’ll target someone in the company to gain information.
This is something of a long con, but the rewards make the effort worthwhile. The phisher uses social engineering to convince the unwitting employee to transfer money or hand over sensitive company data.
Voice Technology
Who’d have thought that voice technology could be turned against us? Unfortunately, though, hackers have found a way. They’re using artificial intelligence to help them with it too. The criminal uses voice deepfakes, a specialized form of robocall, to attack their victim.
With AI fast being able to replicate human speech more precisely, we can expect to see more attacks going forward.
SIM Swaps
SIM-swaps are a relatively new technique that’s gaining ground fast. The idea here is to circumvent the victim’s two-factor authentication service. They start by convincing their victim to give them their one-time password.
Once they have that, their attention turns to the victim’s mobile service provider. They’ll have the service provider do a sim swap from the victim’s phone to their own. Once they’ve got that right, they’ve got everything that they need to circumvent two-factor authentication systems.
Final Notes
As you can see, there are many ways for phishers to get the information that they’re looking for. Your best defence going forward is to carefully evaluate every email, text message, or social media message you receive.
Social engineering is a big part of the criminal’s repertoire. While we usually associate phishing with emails, there are plenty of other potential delivery systems to account for too.
If the message comes through on email, scrutinize the address carefully. It might have a missing or incorrect character. It could also be a case of the legitimate sender’s email address being hacked.
If you’re being asked to perform a money transfer, be very careful. If necessary, phone through to the so-called sender and confirm the transaction using the contact details you have on record. This does add a bit more work, but it could save your business from a substantial financial loss.
