Highest Number of Phishing Attacks Ever Recorded This Year
By Dan Beavin, Vigilant VP Security Solutions
A Vigilant Threat Alerts Series
With hackers getting smarter, Vigilant is sharing our expertise to help safeguard your organization and avoid the latest malicious tricks and danger zones.
Phishing 101 – A Quick Overview
The word “Phishing” has been around since at least 1995 and comes from the use of increasingly sophisticated lures to “fish” for users’ sensitive information. The spelling comes from “phreaking” (a 1950s slang term for experimenting with phone systems).
Today, anything that involves deceitful communication with the aim of stealing login credentials or credit card information, installing malware on computer systems, committing financial fraud, or any other disreputable undertaking can be considered Phishing.
Essentially every business from small to large is at risk – regardless of the industry.
Hackers Continue to Outwit Employees
A quick glance at the morning news feeds is all the evidence you need to see that hackers are getting smarter, and phishing is more sophisticated than it was even six months ago.
Most employees now know that an email from a random address, riddled with misspellings and demanding credentials or other private data, is absolutely a phishing scam. But what about when an employee gets a text to update their Okta credentials? And what is the reaction when the link takes them to a domain that looks exactly like their Okta login?
These are precisely the kinds of questions employees must start answering thanks to these advanced techniques. Being on the lookout for phishing attempts is not as easy or obvious as it used to be. Just last month the Okta scenario described above played out for employees of two major companies.
The Holidays Are Prime Phishing Days
Vigilant is already seeing a huge spike in phishing attempts across our client base this year. In fact, it’s the single largest increase we’ve ever seen. As a company policy, we don’t share client information or intel details publicly. However, according to the Anti-Phishing Working Group’s (APWG) latest phishing report, Q1 of 2022 saw over 1M phishing attacks – the highest quarterly total ever recorded.
With the holidays just around the corner, cyber criminals are taking no days off. The holidays are some of the hardest-hit times when it comes to phishing attacks, and this season will see the most attacks yet.
Common Holiday Phishing Themes to Look Out For:
- Fake Holiday Sales and Promotions: If the sale/promotion is too good to be true, it probably is. Everyone is looking to save money on holiday gifts and cyber criminals know this. If you receive an email about a great sale, navigate directly to that site’s webpage to verify if the sale is truly going on. However, most sales/promotion emails are best sent to spam.
- Fake Shipment Notifications: Since it’s not unusual to receive surprise packages from family and friends during the holidays, one of the most prevalent cybercriminal tactics is to use fake UPS/FedEx/USPS shipment emails to trick individuals into clicking the “package tracking” information link. The best advice here is to take the tracking number from the email and go directly to the shipper’s website to verify any information.
- Fraudulent Order Emails: Watch for notifications from sites that you have never purchased from. Often these will carry a sense of urgency, attempting to get you to respond on impulse before thinking it through. If you are unsure of an order, go directly to the site’s webpage and verify that the order appears in your account. Never use the included links in an email.
- Gift Card Purchase Emails: This theme commonly gets an unsuspecting individual to purchase gift cards for the “CEO” and provide the codes off the back of the card. The best way to protect against this type of attack is to pick up the phone and call the person they are claiming to be.
- Donation to Charities: These fraud emails attempt to get you to react quickly and click the link or call the number in the email to “verify or prevent” the charge from going through. The cyber thieves will ask for personal information and bank details. Always verify your own finances by using known links for the websites. Never use the links or numbers included in an email to make contact.
Vigilant's Top 3 Recommendations to Protect Your Business
Every business today is already convinced of the importance of security awareness training. The challenge can be finding the program that will be most effective given the unique circumstances of a particular organization.
As part of our best practices to end cyber risk, Vigilant reviews the most effective and strategic ways possible to keep security top of mind when encountering Phishing threats. This year’s top three are:
- Use strong passwords with multi-factor authentication
- Conduct quarterly phishing awareness training
- Don’t click that link! Verify it before acting
While strong cybersecurity policies and documented practices are critical for fending off various forms of phishing attacks, they are not the only solution needed, especially as these kinds of phishing attacks increase in frequency and sophistication.
To learn more about how ongoing security awareness programs can empower employees to better defend themselves, the Vigilant team is always happy to chat with you, and mostly listen, about your overall security infrastructure.