As we enter 2021, we take stock of what we learnt in 2020 and push forward into the new year. With many drastic changes to both our personal lives and the working environment, we look at how these changes affected the most common successful cyber attack: phishing. We also look at preventative measures to stay one step ahead of the hackers again this year.
Phishing Is Changing In 2021
The phishing environment has changed drastically in the past year, as there have been drastic changes to daily life. Phishers and hackers have attempted to take advantage of the different working environments, and of the new tools being used for working from home, to perpetrate their new scams. 2020 saw a record increase in phishing sites: 2.11m phishing sites were detected by Google in 2020, a 25% increase on 2019.
From the statistics, it looks like cyber criminals will be ramping up their efforts in 2021, with 64% of businesses anticipating an increase in COVID related phishing emails in 2021. For IT professionals, this means being proactive in the face of this growing threat. This includes increasing security awareness training efforts, using multi-factor authentication and restricting VPN connections. Whilst the difficulties of working from home continue, end-users and IT departments will need to adopt more collaborative approaches to identify and prevent phishing attacks.
Pandemic related phishing scams
Coronavirus related phishing scams are one thing from 2020 we expect to increase in 2021. There have already been reports of coronavirus vaccine related phishing emails. It was found that users were 3x more likely to click on a Covid-19 phishing email. Recent findings are that the Covid-19 vaccine is being used by cybercriminals, who claim to be selling vaccines online.
Remote Work Related Phishing
Remote work related phishing emails are on the rise, with hackers exploiting new working from home measures to confuse employees who have had to make the move to WFH in the Covid-19 pandemic.
One method that phishing scammers are exploiting is the need for virtual meet-ups, specifically Zoom and Google Calendar invites. This phishing method is particularly effective as there are many links to invites being sent out.
Another new attack vector that came to the forefront in 2020 was chatbot phishing. Scammers are employing this more conversational approach in order to take advantage of the technology and scam users.
Scammers will usually start this technique through the usual methods: SMS or email phishing scams directing to a website. This website is likely a fraudulent version of the legitimate site they are claiming to be.
This is when the scammer will use the chatbot to guide you into a conversation in order to extract sensitive details. Beware of offers of large prizes on chatbots, and always make sure that you access the site you intend to through a search engine, not via an email/SMS link.
New Phishing Methods for Attackers in 2021
2021 will be characterised by the new methods and modes of attack that hackers increasingly adopted both last year and at the beginning of this one.
One new method being exploited by hackers is ‘Smishing’. Smishing is essentially “any kind of phishing that involves a text message”. Hackers have started to use smishing more and more due to the higher volume of messages sent through mobile over email, and the lack of awareness amongst users of the smishing threat.
Victims of suspicious emails have become , whilst a message with a link is less commonly known as a threat. Whilst iPhones and others have good security systems, the problem is that nothing can prevent a phishing attack – it relies on the user falling for the bait. This means that, despite the security settings, users need increased education on the risk of phishing.
Avoid Becoming A Phishing Victim
It’s important to remember the techniques to protect against phishing, even within these new contexts. For example, financial institutions will never ‘cold’ request your details without you contacting them first. If you do receive such a message, whether it be by email, text or over the phone – think about it first and, if it seems suspicious, either ignore it or reach out to the institution to check by other verified means.
Tips for staying secure:
- Check for misspellings or different domains
- Be wary of out of the blue requests for personal data
- Check your credentials (emails, passwords) are not readily available online