Phishing Attack Trends to Be Aware of in 2022

Phishing Attack Trends

Phishing remains one of the biggest dangers to every business’s security as it is the main delivery method for all types of cyberattacks. Cisco’s 2021 Cybersecurity threat trends report shows that at least one person clicked a phishing link in around 86% of organizations and suggests that phishing accounts for around 90% of data breaches.

Hackers don’t care if you are a big or small company. Smaller companies are targeted as they have less security than larger companies and are thus easier to penetrate.
Did you know that 43% of all data breaches are from small and mid-sized companies, and 40% of small businesses that become victims of an attack experience at least eight hours of downtime as a result.

One staff member accidently clicking on a phishing email can be responsible for a bringing a company’s IT infrastructure down. Phishing takes advantage of human error and out nature to help, to fool the recipient into divulging information or infecting a network with malware.

Your best safeguards against the continuous onslaught of phishing include:

  • Ongoing employee cybersecurity training.
  • Email filtering.
  • DNS filtering.
  • UTM Firewall.
  • Next-gen antivirus/anti-malware.

To make sure your IT security is being upgraded to meet the newest threats you need to know what new phishing dangers are headed your way. This blog article shows some of the latest phishing trends that you need to be on the lookout for in 2022.

1. Business Impersonation Is Now Being Used More Often

Most users now know to be careful of emails from unknown senders. The bad guys are aware of this and are now using impersonating known businesses. This is where a fake email will arrive and will look like a legitimate email from a company that the recipient may already do business with or know.

As business impersonation being used in phishing attacks increases, users need to be suspicious of all emails and not just those from unknown senders.

2. Text Message Phishing – Smishing

With mailboxes know being overrun with spam and fake emails cybercrime organisations are now moving to text messages to spread malware. Everyone has a mobile phone and fewer people are suspicious of text messages than email messages.

This type of phishing is called “smishing” and the same principles apply to SMS’s as to emails – if you are not expecting a message, contact the sender and don’t click on links.

3. Spear Phishing Is Now Targeting Smaller Businesses

Spear phishing is a more dangerous form of phishing because it’s targeted and not generic. In the past spear-phishing was used against larger companies as it takes time to set up a targeted and tailored attack. However, as large criminal groups have made their procedures more efficient and quicker to implement they are now able to more easily target smaller companies and organisations.

As a result, small businesses are now receiving more tailored phishing attacks that  users are now having a harder time to identify as a problem.

4. Business Email Compromise (BEC) Is Rising

This is when attackers take over an legitimate email account. Emails are then sent out from this account to other staff members, suppliers and customers of that business. These emails are then more trusted as they are coming from a familiar email address.

So be on the look out for emails purporting to come from a legitimate source but the tone of the email looks off (ie the sender doesn’t normally write or sound like that) or if they are asking for strange things (ie gift cards, money transfer etc).

Are You Protected From Phishing Attacks?

It’s important to use a multi-layered strategy when it comes to defending against one of the biggest dangers to your business’s wellbeing. Get started with a cybersecurity audit to review your current security posture and identify ways to improve. Contact us now to help improve your security.