New Dirty Tricks and the Latest Insights on Phishing


When it comes to cybersecurity, phishing is one of the oldest tricks in the book. But it is still incredibly hard to defend against. The reason? Cyber criminals are getting craftier.

“Phishing has evolved,” says Chester Wisniewski, principal research scientist at Sophos. “We’ve made a lot of progress with awareness and protection, but unfortunately criminals keep innovating.”

These days, phishing emails often lead to ransomware, cryptojacking, or data theft.

A recent report from Sophos, based on an independent survey of 5,400 IT professionals around the globe, finds 70% of respondents say the number of phishing emails increased in 2020.

Fortunately, 90% of organizations have implemented some kind of cyber-awareness program to address phishing, with an additional 6% planning to set one up. But, unfortunately, even with education in place, people still fall for these fraudulent messages.

“People are stressed, rushed. They’re having a bad day. It happens,” says Wisniewski. “And criminals are finding new ways around our filters.”

New Dirty Tricks

One way phishing has evolved is through the use of SMS, or text messages, to lure victims. Because it is a less conventional way to trick a person, it often catches people off guard.

“The messages are getting through and they are not including links or attachments,” says Wisniewski. “Instead you get messaging telling you have subscribed to a streaming service, and to call now or you will automatically be charged.”

Victims, worried about losing money, call the number provided and unknowingly end up conversing with a criminal.

“These guys talk you into downloading a macro. They are super helpful about it and sound very believable. It’s the latest twist of phishing. Using that social trust to get you to compromise your system.”

But the report also highlights some cultural factors in how phishing is understood. For example, the percentage of respondents in Israel who consider SMS messages to be phishing is more than double the percentage in Mexico (60% vs. 23%). While many IT pros call this “smishing” instead of phishing, false messages claiming to be from trusted brands have the same effect regardless of transmission method. All of these tactics should be included in awareness programs.

Staying protected requires a mix of both awareness and tools that can identify phishing imposters and attacks. Many of today’s solutions utilize advanced machine learning and real-time scanning for key phishing indicators to keep malicious messages out of in-boxes.

Read the results of the Sophos and learn more about phishing defense at


Copyright © 2021 IDG Communications, Inc.