Digital transactions increased by 42% following the pandemic, and cybercriminals were quick to notice and take advantage of the situation. In fact, as of early 2021, more than a quarter of digital retail websites were found to be malicious.
Cybercriminals never stop thinking of new ways to run phishing scams. Identity theft protection professional Carrie Kerskie stated in a recent interview that, "Bad guys are always finding new ways to get between you and your information and you and your money." When attackers get creative, we must stay alert and aware of the latest anti-phishing tactics. If you want to protect against phishing attacks in 2021-2022, the following list is a must-read.
Scam studies: Trending phishing methods to keep in mind
- Online impersonation: Known as "Spoofing," this common cyber threat evolved to include new platforms and sophisticated maneuvers. Cybercriminals impersonate organizations, leaders, employees, and customers to uncover information and gain access to company and personal assets.
- Company impersonation: Criminals take on the form of an established brand or app to create an entry point and convince people to hand over their credentials. This type of phishing scam also includes domain name look-alikes that lead customers to believe they're interacting with the original brand.
- Executive impersonation and whaling: Recent studies reveal that 46% of company executives have experienced phishing scams, which is an increase of 131% between late 2020 and early 2021. Social engineering methods convince victims to perform specific actions, such as wiring funds, providing sensitive information, or granting access to company systems. Any anti-phishing strategy must consider executives a particularly hot target and prioritize protecting them.
- Social media ad scams: Social networks have been at the center of phishing scams for quite some time, but ads offer new opportunities for cybercriminals. In the first half of 2020, the FTC received more complaints regarding social media ad-related scams than in all of 2019, resulting in a $117 million loss. Today, social media ads are responsible for almost a quarter of all online shopping scams, with Facebook and Instagram taking the lead. Cybercriminals make false promises that shoppers find hard to pass up, and use them to gain access to personal information and accounts.
- URL redirection scams: This tactic enables cybercriminals to exploit simple online mechanisms and redirect users from the original URL to a different, fraudulent one. It's hard for online users to detect this threat because we all encounter URL redirection on a regular basis, making it seem innocent enough. Scammers even go the extra mile and include CAPTCHA verification to make the interaction seem more authentic.
Some URL scams send users’ personal information to third parties. These scams might also trigger a “share” feature that forwards the malicious link to the person’s contact list, turning more unsuspecting users into phishing victims.
Other URL-based tactics present users with promotional deals, online contests, and other fake opportunities. These appear to be under the original website’s name and require users to provide personal information or payment details.
- Facebook Messenger scams: Messenger is a popular communication platform, and cybercriminals utilize it for attacks. An invite to download a fake Messenger update was at the center of a recent phishing attack that reached 5,700 users. The attack managed to bypass filters and paved the way to victims' login credentials.
Other Facebook Messenger scams approach users asking, "Is that you?" followed by a malicious link that victims are tempted to click. They are then directed to what seems like Facebook's login screen and unknowingly provide cybercriminals with sensitive information, including access to their contact list, which gives the attackers the chance to deceive many others.
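A link of the kind described under "URL redirection scams" can be triaged without visiting it. The following is an added example, not part of the original article: it unwraps redirect-style query parameters offline and reports whether a link that starts on a trusted brand domain lands somewhere else. The parameter list, function names and sample domains are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed parameter names that commonly carry a redirect target.
REDIRECT_PARAMS = {"url", "u", "next", "redirect", "redirect_uri",
                   "return", "returnurl", "dest", "destination", "continue"}

def host_of(url):
    # .hostname lowercases and drops any "user@" prefix and port.
    return (urlsplit(url).hostname or "").rstrip(".")

def is_trusted(host, trusted):
    # Exact match or real subdomain; "example.com.evil.test" does not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)

def redirect_targets(url):
    """Yield absolute http(s) URLs carried in redirect-style parameters."""
    for key, value in parse_qsl(urlsplit(url).query):
        if key.lower() not in REDIRECT_PARAMS:
            continue
        if value.startswith("//"):          # protocol-relative target
            value = "https:" + value
        if urlsplit(value).scheme in ("http", "https"):
            yield value

def redirect_chain(url, max_hops=5):
    """Unwrap nested redirect parameters offline (no network requests)."""
    chain = [url]
    try:
        while len(chain) <= max_hops:
            nxt = next(redirect_targets(chain[-1]), None)
            if nxt is None:
                break
            chain.append(nxt)
    except ValueError:                      # malformed URL: stop unwrapping
        pass
    return chain

def classify(url, trusted):
    chain = redirect_chain(url)
    if len(chain) == 1:
        return "direct"
    if is_trusted(host_of(chain[-1]), trusted):
        return "stays-trusted"
    if is_trusted(host_of(chain[0]), trusted):
        return "leaves-trusted"             # trusted entry, untrusted landing
    return "untrusted"

# Constructed sample on reserved example domains.
SAMPLE = "https://shop.example.com/out?url=https%3A%2F%2Fexample.com.evil.test%2Flogin"
print(classify(SAMPLE, {"example.com"}))
```

A "leaves-trusted" verdict is the case the list item describes: the visible link belongs to the original brand, but the landing page does not.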
The threats mentioned here should be part of every organization's anti-phishing strategy, and companies must continuously update their policies and solutions to keep up with the latest tactics. Otherwise, the damage to the business and its customers can be catastrophic. Even if your organization takes pride in its external threat detection capabilities, staying alert is vital, and being able not only to detect threats but also to defend against them makes all the difference. In the perpetual race between cybercriminals and protectors, you simply can’t afford to fall behind.