Phishing attacks are on the rise worldwide. These cybercrimes involve tricking someone into providing sensitive information, letting an attacker into a secured network, or inadvertently downloading malicious software. Often, the victim thinks they are giving a password, user ID, or social security number to a legitimate source.
How big of a problem are phishing attacks?
- In June of this year, companies received an astonishing 2 billion phishing emails.
- In the United States, the FBI recorded $4.2 billion in money lost to cybercriminals over the past year. Nearly half of that amount was due to phishing scams.
- Worldwide, 75% of industries experienced some sort of phishing attack in 2020.
Why are phishing attacks popular? Phishing is a social engineering attack, with the cybercriminal interacting with the victim online or via email, convincing them to perform some action. Often, the attacker will try to get the victim to act quickly without fully considering their actions or taking the necessary precautions.
Types of Phishing Attacks
Phishing attacks seek to trick the victim into giving away sensitive data. The vast majority of these attacks come via email. Because emails are harder to trace to their source, this is a low-risk method of fraud for cybercriminals who don’t want law enforcement to find out where they are located.
Hackers copy the official logo and brand colours of the company that they are impersonating. They may also use official-sounding email addresses that rely on a subdomain or subtle misspelling that can fool someone who is in a hurry to clear their email inbox.
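The subdomain and misspelling tricks described above can be checked mechanically on the sender's domain. The following is an added illustration, not code from the article; the trusted-domain list, the homoglyph table and the sample addresses are all constructed.

```python
"""Flag sender domains that imitate a trusted domain through a subdomain trick
or a subtle misspelling. Added illustration, not from the article; the trusted
domains, homoglyph table and sample senders are all constructed."""
import re

TRUSTED = {"microsoft.com", "dhl.com", "amazon.com"}  # constructed allow-list
# Look-alike substitutions commonly seen in typo-squats (constructed table;
# a heuristic, so legitimate names containing "rn" are rewritten as well).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; 1 means a single typo away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Collapse homoglyph sequences so 'rnicrosoft' compares equal to 'microsoft'."""
    for fake, real in HOMOGLYPHS.items():
        name = name.replace(fake, real)
    return name


def classify_sender(address: str) -> str:
    """Classify one From: address as 'trusted', 'subdomain-lookalike',
    'typo-lookalike', 'unrelated' or 'malformed'."""
    match = re.fullmatch(r"[^@\s]+@([a-z0-9.-]+)", address.strip().lower())
    if not match:
        return "malformed"
    domain = match.group(1)
    # Registrable domain = last two labels (enough for .com-style names; a
    # public-suffix list would be needed for co.uk-style names).
    registrable = ".".join(domain.split(".")[-2:])
    if registrable in TRUSTED:
        return "trusted"  # the real domain or a genuine subdomain of it
    for trusted in TRUSTED:
        # Trusted name embedded in a different registrable domain, e.g.
        # microsoft.com.account-verify.net, which reads as official at a glance.
        if trusted in domain:
            return "subdomain-lookalike"
        # One character edit, or a homoglyph swap, away from the trusted name.
        if levenshtein(normalize(registrable), trusted) <= 1:
            return "typo-lookalike"
    return "unrelated"
```

Calling `classify_sender("billing@rnicrosoft.com")` returns `typo-lookalike`, while a genuine subdomain such as `login.microsoft.com` is still reported as `trusted`.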
Here is a closer look at the different types of phishing attacks a company may encounter.
- Spear Phishing: Spear phishing targets specific people within a company. These are people who have access to passwords, the ability to send sensitive data, or financial powers. The email may seek to mimic another executive or a service provider and ask the target to send the privileged information.
- Link Manipulation: These emails contain a link to a cloned website that looks official but is actually operated by hackers who steal the information the unsuspecting victim enters.
- CEO fraud: Hackers may seek to mimic a CEO or other executive to ask an employee to perform a task that requires transferring money or entering sensitive data. These targeted attacks are sometimes classed as “spear phishing” because they have specific targets.
- Wi-Fi Spoofing: Hackers may offer free Wi-Fi connections and then steal the information of anyone connected to their network. Sometimes, these fraudulent networks will have the same name as an official business’s free Wi-Fi network.
- Malware/Virus Download: This attack tricks the recipient into downloading malicious software that provides a backdoor to the network, tracks keystrokes, or transmits sensitive data.
- Text Phishing: Some hackers forego email and use text messages to steal information or install malware on the target’s phone.
These are currently the most common types of phishing attacks. However, new trends are emerging all the time as hackers seek to circumvent new security measures.
Phishing Trends in 2021
Phishing scams continue to evolve. Companies need to stay abreast of current trends in order to combat the latest issues.
- Highly targeted attacks are becoming more prevalent. 65% of active hacking groups used spear phishing as a primary strategy to gain access to data and secured networks.
- 48% of all malware downloads are Office attachments, and Excel files were the most common type of malicious Office attachment, accounting for 39% of cases in 2020.
- 43% of all hacking attacks involved phishing or similar strategies.
- 90% of all data breaches were caused by phishing.
- As of early 2021, Google has registered 2,145,013 phishing sites designed specifically to steal people’s data.
- Phishing attacks spiked in the middle of 2021. There was a 284% increase in June of 2021.
- Most of these new phishing attacks target high-profile brands such as Amazon and Microsoft and seek to mimic their login pages to gain access to customer data.
The best way to combat phishing attacks is to stop them before they get delivered or handle them appropriately after delivery.
How Phishing Attacks Are Delivered
Phishing attacks get delivered in three different ways.
- Up to 96% of phishing attacks come via email. This is the primary means of delivery since it is difficult to track, and email addresses are often publicly available.
- Only 3% come directly via a hacked or cloned website.
- 1% come via phone call or SMS.
The content of these emails can vary depending on the hackers’ strategy.
- A majority of phishing emails (57%) ask users to provide login credentials or direct them to a cloned site where they are asked to log in using their existing ID and password.
- One-third of these emails contain a link that either triggers a download or sends the user to a cloned site.
- 45% of phishing scam emails involve Microsoft brands, products, or logos or seek to steal credentials for Microsoft products.
- 12% of emails have malicious files attached or otherwise trigger a download of malware.
Though it is much less common, phishing content can come via SMS message or voice call. This delivery method only accounts for 1% of all phishing attacks.
The Most Common Subject Lines
Phishing scams also rely on subject lines and messages that seek to convince the victim to act quickly to rectify an issue. For example, the email will have a subject line such as:
- Failed Delivery
- Security Alert
- Payment Receipt
- Action Required
- Policy Update
- Scheduled Server Maintenance — No Internet Access
- Test of Emergency Notification System
- Important Issue
Some emails tell the victim to take a specific action, such as turning on two-factor authentication, updating a password, or providing a phone number. They typically prompt the victim to go to a site where they will need to enter their “old” password before updating it. The hacker can then steal both the old and “new” passwords.
Other phishing attack messages may ask you to review your security questions or tell you that your account has been locked. These emails will direct you to a site where you enter personal information to access or “unlock” your account.
Many phishing emails seek to impersonate someone within a company or a third-party service provider.
Here are some of the most common email subjects that use this strategy.
- IT: Information Security Policy Review
- Mastercard: Confirm Your One-Time Password
- Facebook: Your account has been temporarily locked
- Google: Take action to secure your compromised passwords
- Microsoft: Help us protect you – Turn on 2-step verification to protect your account
Some companies are more vulnerable to phishing attacks because they lack the robust security measures and employee training that have become common in other industries.
The Most Targeted Industries
According to KnowBe4’s Phishing by Industry Report 2021, the most at-risk industries depend on the company size. However, Healthcare & Pharmaceuticals as well as Energy & Utilities are the most phished industries overall.
Small organizations (1-249 employees)
- Healthcare & Pharmaceuticals
- Education
- Not for Profit
Medium organizations (250-999 employees)
- Hospitality
- Energy & Utilities
- Healthcare & Pharmaceuticals
Large Organizations (1,000+ employees)
- Energy & Utilities
- Insurance
- Banking
The report also highlights that large Banking companies, large Energy & Utility companies, large Insurance companies, and medium Hospitality companies have seen their phishing risks increase between 2020 and 2021.
Another report identified the following four industries as favourite targets for hackers, since they have been successful in the current economic climate while having less stringent security measures. Banks, for example, are targeted, but most have established security systems that make success less likely for hackers. Many cybercriminals focus their efforts on easier targets with less experience defending against phishing attacks.
- Transport and Delivery. The growth of e-commerce and busy supply chain operations have made the transportation and delivery of goods a lucrative business that relies heavily on software and apps for efficiency and communication.
- Mining. In addition to precious metals, mined materials are in high demand for use in tech products. Security breaches can slow or shut down these lucrative operations.
- Energy. The energy sector has had its sometimes outdated systems hacked. When an energy grid goes offline, it can affect millions of people.
- Construction. Hacks of vulnerable supply chain or project management software can cause issues for both large and small construction operations.
The Most Common Malicious Attachments
Malicious attachments download onto a computer where they can track keystrokes, allow access to hackers, or help criminals take over the network and demand a ransom to return it.
The vast majority of these downloads are executable files that cause the infected computer to perform an action.
- Three of every four phishing malware downloads are Windows executable files.
- An additional 5% are Microsoft Office documents that contain malware.
- 11% of malware attacks come through script files.
- 4% are compressed (.zip) files that contain malicious code.
Other attachments include Android code, Java files, or PDFs with malicious code.
The Most Impersonated Brands
Many phishing attacks seek to impersonate well-known brands. One brand is by far the most copied.
- 46% of all phishing attacks focus on Microsoft products.
- 26% mimic international delivery service DHL.
- 11% pretend to represent Amazon.
- 4% have fake Best Buy logos.
- 3% are fraudulent emails from Google.
- An additional 3% impersonate LinkedIn.
Other commonly impersonated brands are Chase, Apple, and Dropbox. Other hackers try to imitate official agencies, such as the Revenue Department.
What Are the Consequences of a Security Breach?
Cybercrimes like phishing do have a monetary cost. Worldwide projections suggest that ransomware attacks, where hackers take over and lock vital computer infrastructure until they receive a payment, will cost companies $20 billion in 2021. However, the cost of cybersecurity breaches can go well beyond a dollar amount. In some cases, the overall damage to a company’s operations can be catastrophic.
In addition to money lost or paid directly to hackers, companies need to spend additional funds to resolve malware attacks and restore the total security of their systems and computers.
Phishing attacks can cause a loss of productivity, data, and trust. Major companies lose an average of 32,258 employee hours because of cyberattacks. IT professionals need to spend time returning the system to full security, and other employees have to stop work while this process takes place. This can lead to delayed projects, missed deadlines, and issues with clients, customers, or partners. In addition to improving security, these relationships need repairing after a security breach.
For small businesses, a cyberattack can be fatal. As many as 60% of small companies go out of business within six months of a major cyberattack. These smaller players simply lack the customer base, PR skills, and in-house IT expertise to handle the issue.
Phishing and the Shift to Remote Work
The shift to remote work during the COVID-19 pandemic (a trend that looks set to continue in the future) has led to an increase in the number of phishing attacks. IT departments have adopted strategies that mitigate many attacks that happen within the office on a local area network. However, these techniques do not work for remote employees who are not confined to a centralized network. These out-of-the-office workers may be using other devices or connections during their workday.
Employees may not intentionally circumvent security measures, but they may not follow them or they may rely on unsecured connections and devices for convenience and flexibility. Furthermore, companies often need to rely on new remote collaboration tools and methods that are not as secure as an internal network.
Studies have shown that Bring Your Own Device policies help increase productivity, but they expose the company or organization to additional security threats because of unsecured or fraudulent Wi-Fi networks, breaches via Bluetooth or NFC, and malware already present on the non-work-issued device. Furthermore, hackers can gain access to devices via additional third-party apps that may not have the same level of security as the employer’s own systems.
Next Steps
Companies, both corporations and small businesses, should invest in technology and solutions that help detect and therefore prevent phishing attacks. Given that the volume and sophistication of these attacks keep growing every year, antivirus software, spam filters and other traditional security solutions are clearly no longer enough to keep your IT environment secure.
At Softlanding, we leverage Microsoft technology such as Azure Sentinel and Microsoft 365 Defender to help organizations detect, stop and prevent a wide range of cyber-attacks. Contact us now to learn more.