Studies into cybersecurity and the effects from Coronavirus lockdowns showed a massive spike in attacks and against corporations and work-from-home employees, in particular phishing attacks and spam. Researchers found that attacks using phishing as a vector were up by 667%. Despite this rise in phishing attacks, many corporations were unprepared for the challenges and aftermath of a successful attack including the software necessary to mitigate them.
Attackers using COVID-themed emails prey are recipient fears. Preying on emotions is how phishing attackers trick users into divulging information or clicking links. Before COVID lockdowns, phishing attackers would commonly use threats of suspension or the fear of losing accounts to get people to respond to emails with their private information, including credentials. Now that Coronavirus has ravaged several countries and caused numerous deaths, phishing attackers’ prey on those fears.
So far, there has been much success for phishing attackers across several mediums. Email is common, but attackers also use text messages and web-based applications. If users are unaware of the red flags, they might click links or answer messages without a second thought.
For example, using a sense of urgency using text messages, an attacker can include a link telling users to read a web page and submit information on the site to read important information about COVID-19. The text messages usually contain a URL shortener to link users, which is a red flag. URL shorteners hide the web domain behind the shortened link, so users cannot see the targeted page. After users submit information, any data included in the form submission is sent to the attacker.
SMS is often preferred over email, because users have far fewer cybersecurity defenses for text messages than email, but email can be sent at a faster rate. Email addresses are more easily found, and spear-phishing is easier with a list of corporate email recipients. Even with a rise in SMS phishing, email is still the most popular way to launch an attack against a targeted user.
In spear-phishing attacks, specific users within the organization are targeted with emails meant to trick users into divulging their network credentials, sending information to an attacker, or paying a fraudulent invoice. Researchers noted a 73% increase in phishing attacks from March to September in 2020, and it’s expected to get worse in 2021.
Even with the vaccine introduced to the general public, researchers still think that organizations and individuals will see an increase in phishing attacks in 2021. Some of the biggest attacks initiated from phishing, and it’s an effective tool to trick users into divulging sensitive information.
Even more concerning is that phishing attacks are more sophisticated than they were several years ago. Attackers no longer send bulk email to random users. Instead, they target specific people by first performing reconnaissance and finding out as much about the target as they can before sending emails. This means that an attacker sends fewer emails, but they are much more sophisticated in their attacks. In many cases, the attacker uses social engineering with phishing to trick corporations into sending potentially millions of dollars to an attacker-controlled account.
As more users began transitioning back to an office, it’s still important to keep email security installed on servers to ensure the safety of the organization and its users. Email filters can stop malicious messages before they ever reach a targeted user’s inbox. This eliminates the threat of a user responding to the email, clicking a link, or interacting with the attacker at all.
Administrators can configure the email security to block messages with attachments as well. These attachments often contain malicious executables or Microsoft Office documents with macros used to download malware to the user’s local device. By blocking these emails, a corporation can stop many of the most common attacks that can lead to a critical data breach.
The right email security can eliminate many of the latest phishing attacks, especially those that are more sophisticated than standard attacks. As phishing continues to rise, so will instances of spear-phishing where attackers limit the number of emails to only a select few to avoid detection by spam filters. These sophisticated attacks should be stopped to protect the business and its customers. The right email filters will stop these email messages using artificial intelligence (AI), learn to detect an attack before it turns into a data breach.
Protect your organization and employees from ever-increasing phishing attacks. SpamTitan provides advanced phishing protection. Prevention against spear-phishing by scanning all inbound emails in real-time. Start SpamTitan free trial today.
Sign-up for email updates...