Cybersecurity experts agree that cybersecurity should continue as a priority for organizations in 2019. From analyses of attacks in 2018 and in Q1 of 2019 so far, one thing has become clear: criminals are applying new tricks to old tactics this year.
What are these old tactics?
Phishing attacks more than doubled last year and are on the rise this year, too. As criminals seek to trick their victims into handing over information—including credentials—they are applying the tried and true phishing attack to open doors on your network.
The spin on phishing that experts are seeing this year?
Criminals are focused on tying those scams to current events and social media to get more people to click on their links and engage with their “marketing”. More and more, criminals are mimicking how successful businesses and organizations do their online marketing—emotional headlines, timing, testing and calls to action that convert—to get your users to fall for scams.
How bad are phishing attacks in 2019?
Numbers since 2017 show an increase in phishing attacks by nearly 250 million. And a huge chunk of users that were attacked—over 18% of them—actually fell for attacks last year. An eighteen percent conversion rate is pretty high for any marketing campaign, let alone an overall average for all phishing attacks.
Just to repeat that: phishing attacks are on the rise by a lot and scams are getting through to users more now than ever before!
How are hackers getting users to click?
They are essentially improving campaigns related to current topics on your team’s mind.
One big topic in Q1 (and one that will persist for some time) is tax deadlines.
Warn your users to be wary of emails from accounting giants like TurboTax or from federal and state revenue services. Instead of having them click a link to view a W-2 or a submission of any sort, encourage them to go to the official web pages and log in from there (this completely avoids the issue of divulging information when clicking on a malicious link).
Other topics that have been hot lately?
Anything newsworthy. Maybe it’s the latest news from the White House. There have also been a LOT of scams tied to new smartphone launches. Deals for upcoming holidays are another (Memorial Day isn’t for a couple of months, but scammers will most certainly mimic advertisers for holiday deals). Whatever a criminal ring might think will hook a victim is likely being tested on your users right now.
Other current campaigns that have still gotten traction (as in big conversion rates)?
Scare tactics are huge. Sextortion scams and blackmail schemes, which coerce victims into sending money in exchange for keeping very sensitive information private, have been getting people to shell out hundreds to thousands of dollars in cryptocurrency. Another campaign from earlier this year was noted for using a victim’s legitimate password in an email as a scare tactic. [Note: a lot of your users’ passwords are already being bought and sold on the Dark Web. Consider a network security assessment as a first step to see how vulnerable your network is to compromise through your team’s passwords.]
Nearly a quarter of people receiving emotional email scams of the sort mentioned above are actually following instructions or clicking on links in the scam emails they’re receiving.
That can’t happen to you?
Think your team is too smart to click on a scam email? That’s what nearly every organization that we’ve helped recover from a breach or attack thought before someone within their organization clicked or complied with a phishing email.
The modern phishing scam is a far cry from the African Prince scams of the 2000s. Criminals have realized how to optimize their messages and have studied how to trigger responses from normal, intelligent people.
It doesn’t matter how smart or cautious you think your team is. The bottom line is that it’s become exceedingly hard to make sure every single person on your team avoids falling for a scam.
What’s making things even harder?
Criminals have expanded their net to all sorts of social media and search platforms. Do you know anyone who listens to Spotify? What about translating something in Google Translate? These services, among others, have been used in criminal phishing schemes.
In 2019 cybercriminals are using old methods—the likes of phishing scams—with new tweaks to communicate a very convincing message to an audience that is listening.
My question to you: is your network prepared?
Do you have appropriate protections within your team’s email accounts? Do you even understand where your network vulnerabilities lie? Will one compromised account lead to a major data breach or cyberattack?
Contact us today for a free network security assessment.