2021 Most Dangerous Scams - Phishing


Due to COVID-19, we have seen a noticeable rise in people working from home. Unfortunately, cyber criminals are looking to exploit this, which creates the perfect conditions for a surge in online crime.

Research published by the Ponemon Institute found that in the UK 79% of respondents have seen an increase in social engineering attacks since the start of the pandemic. Would you believe that only 43% of organisations in the UK were found to have a policy on security requirements for those working remotely from home? The scammers have never had it so easy. Bearing this in mind, these are the biggest phishing threats to watch out for in 2021, with tips on how to mitigate them.

Phishing is one of the most common social engineering threats. It is a fraudulent attempt to obtain sensitive information or data by posing as a trustworthy source in electronic communication. We tend to think of phishing as just emails, but there are other variants, such as Smishing for text messages and Vishing for voice call scams.

If you look through your Junk folder you will see a mix of fabricated invoices and emerging threats. Unfortunately, not all phishing attacks get filtered through to your Junk folder, so you need to remain vigilant.

Scammers are getting increasingly sophisticated in their attempts to get your credentials. Take a recent example: people receive a bogus email claiming that their Office 365 password has expired and needs to be reactivated. Many of the recent phishing attempts use Office 365 to lure people in. If you were to click the link, you would find a page that looks like the genuine Office 365 login. Worryingly, your business's logo can even be mirrored on the page, with the correct business address at the start of the URL and even background branding.

The best mitigation advice is also very difficult to follow – never click a link directly in any email and always browse to the website manually. Alternatively, you can verify with a known and trusted contact by creating a new email rather than clicking the reply button. This advice is also particularly relevant to Smishing scams, where links are embedded in text messages.
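For teams that triage reported emails, the lookalike login page described above can be checked mechanically: what matters is the end of the host name, not the business address at the start of the URL. The sketch below is an added example, not part of the original article; the trusted host list, the `contoso.example` business domain and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: sign-in hosts your organisation accepts as genuine.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}
# Assumption: your own business domain (constructed placeholder).
BUSINESS_DOMAIN = "contoso.example"

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for one link."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return "unknown"
    if parts.scheme == "https" and host in TRUSTED_LOGIN_HOSTS:
        return "trusted"
    # Ownership is decided by the END of the host name. Labels at the
    # start are free text chosen by whoever registered the domain.
    for name in TRUSTED_LOGIN_HOSTS | {BUSINESS_DOMAIN}:
        if host.startswith(name + ".") or "." + name + "." in host:
            return "lookalike"
    return "unknown"


def review_links(message_text):
    """Extract every link from a message body and classify it."""
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(message_text)]
    return [(u, classify_link(u)) for u in urls]


# Constructed sample message; .test and .example are reserved names.
SAMPLE_EMAIL = """Your Office 365 password has expired.
Reactivate: https://contoso.example.account-verify.test/owa/login
Or use: https://login.microsoftonline.com.session-check.test/common
Genuine page: https://login.microsoftonline.com/common/oauth2/authorize
"""

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE_EMAIL):
        print(f"{verdict:9}  {url}")
```

A verdict of `unknown` is not a pass; it only means the link did not borrow a trusted name, so the advice to browse to the site manually still applies.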

People are more reliant on landlines due to COVID-19, so vishing is still a popular tactic used by scammers. Something known as reverse vishing is on the rise; a recent example is receiving information that your banking or social media is locked. As the name suggests, reverse vishing reverses things: instead of the scammer calling the victim, they get the victim to call the scammer. This almost sounds too good to be true, but it really does work. The scammers will scan genuine support threads and respond as a customer service representative, requesting to be called back. If this is carried out successfully, the victim ends up calling a fake customer service number. Alarmingly, because the victim made the call, they end up revealing essentially whatever information is requested without any suspicion.

Vishing requires the scammer to have your personal details, such as your contact number. They usually use caller ID spoofing to impersonate a trusted organisation, or may even make an unsolicited call.

Just like the advice given for link clicking, only call support numbers which you know to be genuine, and do your due diligence to ensure they are legitimate.