Phishing is big business - don't take the bait.
In the last year, phishing attacks have seen a meteoric rise as attackers continue to refine tactics and share successful types of attacks.
In particular, they’ve taken advantage of the malware-as-a-service offerings on the dark web in order to increase the efficiency and volume of attacks. In fact, 91 percent of cyberattacks and their resulting data breaches now begin with what’s known as a spear phishing email message. As a result, dental offices should take the time to learn to recognize phishing to protect critical data.
We often associate phishing with cybercrimes that relate to online banking: crooks send an email luring you to a website that’s a visual clone of your bank’s login page, where you enter your credentials into a phony form and drop them right into the criminals’ laps.
But phishing covers more than just fake banking sites and links to life-enhancing pills or package deliveries: it’s really just about dangling bait in front of you and waiting for you to swallow it, providing them with useful and valuable information.
Phishing campaigns are generally more successful when they use contextually relevant lures, and between 2013 and 2015, phishing attack trends followed consistent and predictable patterns. During each of these three years, phishing attacks tended to increase from month to month before finally surging in the fourth quarter of each year, during the holiday seasons.
However, this wasn’t the case in 2016. Instead of peaking at the end of the year, phishing attacks crested in the middle of the year, with localized spikes in attacks that took advantage of regionally specific events or periods of fear and anxiety. For example, uncertainty around the United Kingdom Brexit vote was exploited to target government departments in May and June 2016. In the United States, tax return season saw IRS-themed attacks increase by 400 percent over previous years.
As mentioned, phishing covers more than just fake banking emails and package delivery alerts; it’s about convincing you to provide something valuable to the attackers. And what started off as simply “phishing” has now developed into three branches of attacks: the classics, mass phishing and spear phishing, and the recently emerging trend of the Business Email Compromise tactic acting as a subset of spear phishing.
These attacks are largely opportunistic, taking advantage of a company’s brand name to try and lure the brand’s customers to spoofed sites where they’re tricked into parting with credit card information, login credentials and other personal information that will be later resold for financial gain.
Up next: How to spot phishing attacks
The other kind of threat is of the spear phishing variety, where emails impersonating a specific sender or trusted source are sent to targeted individuals within organizations to try to get them to take certain actions, like sending money to spurious accounts.
10 tell-tale signs of phishing
The “tells” you can look for to help suss out potential scams are: