Phishing, the practice of sending fraudulent text messages or emails for the purpose of gathering personal information, is on the rise. FraudWatch International points out that phishing attacks have been increasing for years and that, unfortunately, there’s no end in sight. In fact, the number of phishing attacks grew by 40.9% in 2018 alone.
With phishing scams getting cleverer all the time, what’s the best way to avoid becoming a victim?
Stay ahead of the game.
By keeping abreast of scammers’ favourite tricks and reviewing the current trends in phishing cyber attacks, the general populace can train themselves to steer clear of even the most deceptive phishing schemes.
In 2019, a few of the latest phishing trends include:
1. SMS Text Messaging
Mobile phones aren’t safe any longer. Traditionally, phishing scams have been associated with email accounts, but phishing attacks via SMS text messages are expected to be on the rise in 2019.
Mobile phone owners should always be wary of following links sent to them via text message, particularly when the message is sent from an unrecognised number. Links leading to websites which require login credentials or other personal information are particularly suspect.
58% of phishing sites are now using HTTPS. In the past, internet users have been commonly advised to be cautious when entering personal information into non-encrypted web pages. The image of a padlock at the left of the page’s URL is an easy indicator of encryption status.
While this is still good practice, it’s no longer feasible to associate HTTPS with internet safety. In 2019, the lock cannot be equated with a secure site, and users should still be on their toes when entering personal information, even on encrypted sites.
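The following is an added example, not part of the original article, showing why a padlock-only check passes phishing links while a check on the actual host does not. The `EXPECTED` mapping, the function names and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: brand keyword -> the domain the reader really signs in on.
EXPECTED = {"dropbox": "dropbox.com", "google": "drive.google.com"}

# Constructed sample links; .example is a reserved TLD, so none are real sites.
SAMPLES = [
    "https://www.dropbox.com/login",
    "https://dropbox.com.account-check.example/login",
    "https://drive.google.com@files.example/share",
    "https://192.0.2.10/dropbox/signin",
]

def padlock_only(url):
    """The outdated rule: trust anything served over HTTPS."""
    return urlsplit(url).scheme == "https"

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess_link(url, expected=EXPECTED):
    """Return (verdict, reasons). HTTPS alone never earns trust."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not encrypted")
    if parts.username is not None:
        reasons.append("text before '@' is not the real host")
    if is_ip(host):
        reasons.append("raw IP address instead of a name")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, possible look-alike characters")
    # Match the whole host or a true subdomain, never a substring.
    known = any(host == d or host.endswith("." + d) for d in expected.values())
    if not known:
        for brand in sorted(expected):
            if brand in host:
                reasons.append(f"mentions '{brand}' but is not {expected[brand]}")
        reasons.append("host is not an expected sign-in domain")
    return ("suspicious" if reasons else "expected-domain"), reasons

if __name__ == "__main__":
    for url in SAMPLES:
        print(padlock_only(url), *assess_link(url), url, sep=" | ")
```

Every sample link passes the padlock check, but only the first one resolves to a host the reader actually expects to sign in on.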
3. Collecting SaaS Credentials
In 2019’s first quarter, phishing which specifically targets Software-as-a-Service (SaaS) accounts became the largest phishing category, sitting at a hefty 36% according to the Anti-Phishing Working Group (APWG).
These SaaS credentials are particularly useful to phishers not only because of the financial data they can yield but also because SaaS logins provide hackers access to employee data. With this, phishers can engage in a practice called “spear phishing,” where they target individual users by sending fraudulent emails from a trusted source (a SaaS provider, for example) and ask them to update user data or something similar.
That’s right—even emails from trusted service providers aren’t always safe.
4. Consumer Cloud Hosting Services
In the past, phishing attacks largely targeted organisations such as financial institutions and payment services, but hackers are adjusting their focus. While cloud security isn’t exactly a new concern, phishing experts are beginning to go after cloud hosting services which specifically serve consumers rather than organisations. For example, scammers are increasingly attacking widely used services like Google Drive and Dropbox, collaborative tools utilised for both personal and business use.
To protect themselves, many users, and indeed many providers, have opted for changing passwords regularly in accordance with password expiry policies. However, in a recent article, Microsoft announced that it is moving away from password-expiration policies, deeming the practice “an ancient and obsolete mitigation of very low value”.
So, the best thing consumers can do to protect themselves against a potential security breach is to use 2-factor authentication wherever possible, use very strong passwords and use different passwords for different sites. A password manager such as LastPass can help with this.
Even with the knowledge of the latest phishing trends, some phishing tricks will still be deceptive enough to have some would-be victims scratching their chins. Aside from education, the best way to beef up defence against cyber attacks is to always be cautious and think twice before opening links or inputting sensitive information.