Phishing scammers never miss an opportunity.
Whether preying on complacent workers, excited enthusiasts, or even the vulnerable, they’re always looking for a way in.
That’s why knowing the latest phishing techniques is so important.
As business professionals, it’s crucial to learn about new attacks so you can warn fellow employees, adjust email security, and monitor your systems.
When someone eventually comes across a bad link or suspicious file, you’ll be glad you did.
New Phishing Attack Research
In late 2021, researchers completed a fifteen-month analysis of 15,000 people, profiling those who click on phishing emails.
Both the youngest and oldest employees tend to click more often.
And the more people used specialized software for repetitive tasks, the more likely they were to fall for new phishing techniques.
But, the most disturbing statistic was this: nearly a third of employees eventually click on at least one dangerous link or attachment.
The more employees you have and the more phishing attempts they face, the more likely your business is to suffer a problem.
In a separate study, researchers examined over 5,300 phishing pages, finding that one-third went inactive after the first day.
It highlights just how quickly phishing attackers move, and the whack-a-mole difficulty in blocking phishing domains.
Fortunately, the largest email providers continue to work to minimize our exposure.
In 2021 alone, Microsoft blocked 35.7 billion phishing emails with Office 365, as well as more than 25 billion Azure Active Directory brute force authentication attacks.
Google even changed their Calendar settings to prevent automatically adding malicious invitations to Google Calendar. They also added warning banners in Google Drive to alert users of potentially suspicious files.
While anti-spam efforts have room for improvement, every step towards a more secure environment is appreciated.
Russian-Ukrainian Conflict Phishing
As part of new phishing techniques, spammers always attempt to take advantage of global misery.
Sadly, the Russian-Ukrainian conflict is no exception.
New phishing techniques target people helping refugees, people donating to Ukraine, and employees concerned about potential supply chain impact.
Some phishing attacks even pose as “The Microsoft Account Team,” and warn of possible Russian logins to the victim’s account.
Now is a good time to remind coworkers: new phishing techniques tend to chase the latest news headlines.
Other New Phishing Messaging
Of course, there are many new phishing attacks outside of the headlines, as well.
In India, new government electric vehicle (EV) incentives led to a surge in new phishing techniques, seeking to exploit consumer interest.
Certainly, you can expect similar attacks in the U.S. that look to exploit our own self-interest in national and local incentives.
Other recent phishing attempts prey upon financial fear.
For example, one scam “informs” Citibank customers that their account has been put on hold due to suspicious transactions or logins.
When viewers attempt to resolve the issue by clicking the link provided, they wind up becoming victims.
These attacks work well on corporate accounts where multiple people are able to enact transactions.
Advanced Phishing Techniques
New phishing techniques now use emails to deliver novel attacks, or to kick off more complex strikes.
The BazarBackdoor attackers send malware-free emails that bypass email security, directing users to a website contact form instead.
These innocuous emails offer to deliver something of interest, such as product price quotes or shipping information, through common file-sharing services.
Instead, they deliver malware.
Other new phishing attacks deliver links to malware via QR codes embedded in emails, or even as stickers in restaurants or other public locations.
While great for providing useful information to consumers, QR codes can just as easily send users to malware downloads or credential-stealing websites.
Microsoft also recently uncovered a multi-stage phishing attack that preys upon organizations that don’t use multi-factor authentication.
The first stage steals an employee’s email like regular phishing attacks, but instead of attacking the victim, the second stage establishes a new Office 365 account in the victim’s name on a rogue device.
Once established on the new computer, the victim’s account is used to send internal phishing attacks within the company, or to customers using the legitimate email account.
These two-stage attacks appear legitimate, and can even deploy malware on the company’s OneDrive or SharePoint systems.
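One way to look for the two-stage pattern described above in audit data, as an added example that is not from the original article or from Microsoft: it flags a device that first appears through a sign-in without multi-factor authentication and then sends mail to many internal recipients. The event names, fields, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Event and field names are hypothetical, not a real
# vendor log schema; map your own sign-in and mail audit logs onto them.
EVENTS = [
    {"ts": "2022-03-01T08:55", "user": "alice", "type": "signin", "device": "LAPTOP-A1", "mfa": False},
    {"ts": "2022-03-01T09:10", "user": "alice", "type": "mail_sent", "device": "LAPTOP-A1", "internal_rcpts": 12},
    {"ts": "2022-03-02T02:14", "user": "bob", "type": "signin", "device": "DESKTOP-X9", "mfa": False},
    {"ts": "2022-03-02T02:31", "user": "bob", "type": "mail_sent", "device": "DESKTOP-X9", "internal_rcpts": 40},
    {"ts": "2022-03-02T02:40", "user": "bob", "type": "mail_sent", "device": "DESKTOP-X9", "internal_rcpts": 35},
    {"ts": "2022-03-02T10:00", "user": "carol", "type": "signin", "device": "PHONE-C7", "mfa": True},
    {"ts": "2022-03-02T10:05", "user": "carol", "type": "mail_sent", "device": "PHONE-C7", "internal_rcpts": 60},
]
# Devices already associated with each user before the sample period (constructed).
KNOWN_DEVICES = {"alice": {"LAPTOP-A1"}, "bob": {"LAPTOP-B2"}, "carol": set()}


def find_rogue_device_chains(events, known_devices,
                             window=timedelta(hours=24), min_rcpts=50):
    """Return sorted (user, device, internal_rcpts) tuples for the chain:
    unknown device signs in without MFA, then mails many internal recipients."""
    first_seen = {}            # (user, device) -> first non-MFA sign-in time
    rcpts = defaultdict(int)   # (user, device) -> internal recipients in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["device"])
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "signin":
            unknown = ev["device"] not in known_devices.get(ev["user"], set())
            if unknown and not ev["mfa"]:
                first_seen.setdefault(key, ts)
        elif ev["type"] == "mail_sent" and key in first_seen:
            # Only count mail sent within the window after the first sign-in.
            if ts - first_seen[key] <= window:
                rcpts[key] += ev["internal_rcpts"]
    return sorted((u, d, n) for (u, d), n in rcpts.items() if n >= min_rcpts)


if __name__ == "__main__":
    for user, device, n in find_rogue_device_chains(EVENTS, KNOWN_DEVICES):
        print(f"ALERT {user}: unknown device {device} mailed {n} internal recipients")
```

In the sample data only bob is flagged: alice signs in without MFA but from a known device, and carol's new device passed MFA.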
Preventing Phishing Attacks
Preventing scams like these starts with educating yourself and your team on the latest forms of attacks.
However, that’s only the beginning.
To truly protect yourself, you need effective email security, overlapping layers of IT defense, and active monitoring for breaches.
An investment in security blunts future attacks and allows your security team to reduce the damage from the inevitable successful attack.
For temporary or ongoing help in phishing education or phishing defense, contact Ideal Integrations at 412-349-6680 or fill out the form below.
Our experts will provide a no-obligation, plain-English consultation of options that fit the needs of your organization.