4 top phishing trends to watch out for in 2023

4 top phishing trends to watch out for in 2023  

IT and cybersecurity teams have been facing several changes in the cyber environment at increasingly shorter intervals. And with the arrival of another year, it's time to evaluate strategies and restructure digital security actions, since this context will continue to bring challenges and innovations, since threats are no longer restricted to on premise, and attack vectors take advantage of gaps in any environment. 

Phishing is one of the oldest criminal actions on the Internet. Nevertheless, this scam continues to be applied and is getting better and better. By 2023, the trend is for phishing to be even more refined by criminals. 

This is why all internet users, especially in the business field, need to be vigilant. By knowing the phishing trends, you put yourself ahead of the scammers and avoid becoming another victim of this criminal practice. 

Get to know the biggest trends

In general, most phishing campaigns follow the "spray and pray" tactic, where the fraudsters send messages to thousands or millions of users at the same time, with no set criteria for target selection. Even if only a small percentage of recipients fall for the scam, the criminals will still profit.

That's why you need to prepare your company in 2023 and improve cybersecurity, learn about some of the top phishing trends. We have put together some of the key trends that will raise your level of protection.   

1. Growth of vishing and smishing

Vishing and smishing are variations of phishing, in which the blows are delivered by voice calls and SMS messages respectively. 

The text of the smishing message will always have a malicious link that takes victims to a form used to steal the information. The link can also download viruses onto the victim's device. The text messages often express a sense of urgency or an unmissable opportunity.   

According to the Phishing Activity Trends Report, the second half of 2022 saw an increase of almost 70% in this type of scam, compared to previous months. 

The number is quite frightening and is likely to grow even more in 2023. Therefore, it is important to be careful not to fall for the scam and to provide data in voice calls and messages.  

Some important precautions are:
 

  • Be wary of any message sent by banks or stores asking you to update information or to click on links. When you receive messages of this type, be suspicious and call your financial institution to confirm the veracity of the contact.  
  • Never click on unknown links to make purchases, for example.  
  • Avoid storing banking data on your cell phone. This way thieves will not be able to steal them even using malware.  
  • Always report cyber attacks to avoid further scams.
     

Besides SMS, it is worth remembering, smishing also encompasses scams given via electronic messengers such as WhatsApp and Facebook Messenger. 

2. Phishing in collaborative communication tools

The Dark Reading portal presented a survey that interviewed 252 IT and information security professionals in the United States. 

More than half of the respondents have reported phishing activities from collaborative communication tools such as Slack and Microsoft Teams.  

The attacks are succeeding because with Microsoft Teams, unlike email, end users have an inherent trust in the platform. And given that these types of applications are increasingly common in business environments, it is worth being careful not to become a victim of phishing through them. 

Soon, these Teams phishing messages will be reportable by Office 365 users. 

3. Use of adaptive techniques 

The study also found that criminals are using adaptive phishing techniques. 

Also known as polymorphic attacks, with this technique phishing messages are adapted to reduce the chances of being identified as spam by mail servers. 

Polymorphic malware is a type of threat that has the power to transform itself. Its main purpose is to change its appearance to avoid detection when infecting a device, such as in email. Cybercriminals use cryptography to reshape the virus.  

In this way, the malicious agent is encrypted with a variable cryptographic key.  

This increases the chances that more people will fall for the scam and reply to the messages by sending data and other sensitive company information. 

4. Improvement of social engineering techniques 

Scammers are also improving social engineering techniques, which now use open-source artificial intelligence capabilities to steal information and crack passwords. 

As social engineering techniques have improved, messages become very much like a real e-mail, and scammers are able to send targeted campaigns and create more convincing messages.

This increases the chances that users will open the e-mails and become victims of phishing. 

Cybercriminals are getting smarter and smarter and using technology to take advantage of other people and companies. ISH uses the best security measures to prevent its customers from becoming victims of phishing scams. 

So, if you need to maintain information security in your company, be sure to contact us and learn about our solutions. This way, you avoid headaches with major attacks in 2023. 

  

Tags: , , SECURITY, , , SECURITY , SECURITY CULTURE

Leave a Comment

Your e-mail address will not be published. Required fields are marked with *

Copyright © 2022 ISH Tecnologia, All Rights Reserved.