19 Jan How Phishing is Changing in 2024
In the modern world, there are many different types of cyber-attacks that your business will come up against. However, one of the most pervasive attacks is social engineering — the most constantly evolving threat a business can face.
One of the most common social engineering attacks, phishing, has only been getting stronger with new technologies that make it easier than ever before. With the world becoming more interconnected than ever, it’s so important to ensure that you’re knowledgeable about the attacks you could face.
In this article, we’re going to go over the new phishing delivery methods, as well as the rise in the sophistication of these attacks. We’ll also go over how you can get started with protecting your business today, including how we can help you ensure that all of your bases are covered.
The Rise of New Phishing Delivery Methods
As the world gets more interconnected, scammers have found more ways to take advantage of modern technology to take phishing attacks to the next level using newer delivery methods. Where before phishing would primarily take place over email or mobile, new technologies make it easier than ever for attackers to access new victims.
Microsoft Teams has become a major player in communications in the post-pandemic world, with lots of businesses relying on it as their all-in-one communications solution for greatly enhanced productivity and connectivity. Recently, Microsoft has detailed a Microsoft Teams phishing campaign used by attacker ‘Storm-0324’ that hijacks Microsoft Teams to carry out phishing attacks.
This attack is very worrying for lots of organisations, as it’s attacking on an axis that lots of employees would’ve never thought possible. After all, Microsoft Teams seems like it could never be breached due to it being an internal communications platform — meaning that employees trust teams more.
Similarly, another new and commonly used technology to commit phishing attacks is QR codes. Due to the fact that QR codes link to another website, attackers can use QR codes to obscure malicious website links and use them to direct a user to somewhere malicious or even harmful.
QR code scams have been plaguing the restaurant industry since the common implementation of menus using QR codes over the pandemic, but attackers are now using QR codes in PDFs and Word documents to try to trick business personnel into thinking that a QR code is safe to scan. These attacks are known as ‘quishing’ attacks and are dangerous due to the ease of using QR codes to mask the malicious nature of the link or desired attack destination. After all, it’s much harder to spot a malicious
Another common phishing attack is called ‘smishing’, and is the use of SMS (texting) to send fraudulent texts to unsuspecting victims. This is not a new technology but has become more common over time as email phishing scams have become easier to spot and avoid due to being incredibly common.
Increasing Sophistication and Personalisation
Another important thing to know about modern phishing scams is that they’re becoming far more sophisticated and increasingly targeted, meaning that they’re also becoming harder to spot.
The rise of artificial intelligence is a massive player in this. Having access to a machine that can access all of the available information online means that attacks are not only becoming more replicable using automation and machine learning but are also becoming more dangerously realistic due to the sheer amount of power behind AI.
AI language models like ChatGPT have made it easier for attackers to create highly realistic scams — and Microsoft claims that attacks will only become more realistic from here on out.
On top of this, spear phishing is becoming a common concern for organisations worldwide. Spear phishing is a phishing attack that specifically targets individuals using highly personalised attacks, which is far more dangerous than the run-of-the-mill mass phishing attacks that most people experience.
Spear phishing targets specific organisations, meaning that your organisation needs to be incredibly careful and vigilant about them as they’re designed for your employees to specifically fall victim to. Ensuring that you’re up to date about how to protect your business is vital here, as any steps you take to protect yourself will help you fight these attacks.
How to Protect Your Business
There are a few different ways to protect your business from phishing attacks. Unlike malware, these attacks are a bit trickier to fortify yourselves against as you can’t just install an antivirus and endpoint detection software to counteract them.
The most important thing is educating your employees on these attacks and what to look out for. By doing so, your employees can also remain vigilant and not fall victim to these attacks. The best way of doing this is by running regular security awareness training. This will allow you to train your employees and keep track of their knowledge, letting you fill in gaps wherever required.
Otherwise, utilising security tools available to you to create as many security measures and checks as possible is also vital. Tools like multi-factor authentication (MFA) will not only act as a barrier for hackers and malware to gain access to credentials but will also give your employees another chance to stop and think about whoever they’re giving access to.
Other tools such as SMS/email security and anti-spam solutions are also good at just stopping low-level phishing attacks from getting to you.
How We Can Help
Phishing attacks are powerful social engineering attacks that can damage your organisation if not stopped. From Microsoft Teams to QR codes, there are lots of different ways that phishing attacks can target you — so remaining vigilant is one of the most important things you can do to protect yourself.
If you’re looking to start with cybersecurity but don’t know where to begin, reach out to our experts today. We’ll provide you with a helping hand to get started, and keep supporting you along the way.
Contact us now and see how we can help.