Robert Ryerson

Watch Out for These 4 Phishing Trends to Protect against Identity Theft

Updated: May 26


Identity theft is a crime in which the perpetrator illegally obtains another person's vital information with malicious intent. Scammers use several strategies, including phishing, to gain access to this information and use it for personal profit. According to Verizon Enterprise's 2021 Data Breach Investigations Report, phishing is among the most common means of identity theft. It accounted for 36 percent of all breaches Verizon Enterprise analyzed in 2021, up from 22 percent the year prior.

Scammers have become more sophisticated in recent years and now employ advanced techniques such as AI and machine learning to trick targeted victims into giving up their personal information. Phishing, however, usually involves email, text, or telephone communication in which identity thieves pose as someone else to acquire this information. Below is a look at four phishing trends people (and businesses) need to know about for 2022.

Deceptive Phishing Attacks

Deceptive phishing is an email attack that is commonly used by scammers. Many email hosting providers offer built-in security measures to flag these types of attacks and place them in the spam folder, but this isn't always effective. Because of this, email users need to be aware of the tactics commonly employed by scammers as well as signs that suggest an email is a targeted phishing attack.

While the goal of these attacks is to prompt you to click URLs that direct you to fraudulent websites, scammers have increasingly been incorporating legitimate links in their emails to bypass email filter detection. They will often imitate legitimate businesses or service providers and use threats, along with establishing a sense of urgency, to trick recipients into clicking these URLs. Moreover, scammers have recently been known to utilize shortened URLs and slightly modified logos of legitimate organizations to fool Secure Email Gateways.

Recent examples of deceptive phishing attacks include scammers impersonating representatives from Microsoft and the U.S. Department of Transportation. The latter campaign involved an embedded button that redirected email recipients to a website designed to replicate that of the federal Transportation Department. Those who clicked the link were then asked to hand over their Microsoft credentials.

In addition to inspecting URLs, you should keep an eye out for spelling errors, grammar mistakes, and generic greetings to identify deceptive phishing attacks. Look for mismatches between the sender's email address and the name displayed in the "From" field, and inconsistencies in links and domain names. Above all, never click a link in an email from an unfamiliar sender outside your organization.
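The checks described above (display name versus sender address, link text versus real destination, shortened URLs) can be automated for triage. The following Python sketch is an added example, not part of the original article; the `SHORTENERS` list, the `BRAND_DOMAINS` map, the function names, and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, non-exhaustive
BRAND_DOMAINS = {"microsoft": "microsoft.com"}  # hypothetical brand -> sending domain

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def norm(host):  # lower-case and drop a leading "www."
    return re.sub(r"^www\.", "", (host or "").lower())

def phishing_indicators(raw):  # assumes a single-part HTML message
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = norm(addr.rpartition("@")[2])
    for brand, domain in BRAND_DOMAINS.items():
        if brand in name.lower() and sender != domain and not sender.endswith("." + domain):
            findings.append(("from_mismatch", f"{name!r} sent from {sender}"))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = norm(urlparse(href).hostname)
        if target in SHORTENERS:
            findings.append(("shortened_url", href))
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        if shown and norm(shown.group(0)) != target:
            findings.append(("link_mismatch", f"shows {shown.group(0)}, goes to {target}"))
    return findings

SAMPLE = (  # constructed message for illustration
    'From: "Microsoft Account Team" <security@account-alerts.example>\n'
    "Content-Type: text/html\n\n"
    '<a href="http://login.account-alerts.example/verify">www.microsoft.com/account</a>\n'
    '<a href="https://bit.ly/EXAMPLE">Verify now</a>\n'
)
```

The link comparison is deliberately strict (exact host match after removing `www.`), so legitimate subdomains will be flagged; a production check would compare registrable domains using the Public Suffix List and treat each finding as a signal for review rather than a verdict.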

Spear Phishing

Spear phishing is similar to deceptive phishing, but is more personal in nature and, in addition to email, is commonly employed by fraudsters on social media sites. Emails will typically include the target's name and phone number in addition to the company they work for and their position. Scammers will typically acquire this information from social networking sites like LinkedIn or Facebook. They may direct recipients to open an attachment or click a malicious URL to submit additional personal information.

Oftentimes, scammers will explore social media sites to investigate a targeted organization's structure and identify employees who might be susceptible to a spear phishing attack. They might also send out mass emails to employees at a particular company to learn the typical email format at the company.

Always be wary of divulging too much information on social media. Companies can better protect themselves and their employees with regular cybersecurity awareness training as well.

Vishing - Telephone Attacks

Vishing is a phishing attack commonly performed over the telephone and often targeting senior citizens. Scammers usually impersonate customer service representatives in an attempt to source as much personal information from the target as possible. However, vishing scams against senior citizens can, in some instances, be even more severe than financial fraud.

"Fraudsters use different tactics to get the elderly to fall victim to their schemes," according to the Association of Certified Fraud Examiners (ACFE). "They can be friendly, sympathetic and willing to help in some cases or use fear tactics in others. The tactic used is generally dependent upon the type of situation the fraudster finds himself in with the elderly person."

In a blog post, the ACFE presents an example of a scammer focusing on home ownership in their vishing attempt. The caller might recommend someone who can complete home repairs at a discounted price. Once the work is complete, the scammer may require the homeowner to sign a fraudulent document certifying completion of work. In reality, the document may be a property deed that transfers home ownership to the scammer.

Fortunately, it's fairly easy to avoid vishing attempts. Avoid answering calls from unknown phone numbers and giving out personal information. Voice messages with automated or threatening content should also be ignored.

Phishing and Crypto

Cryptocurrency is a prime market for fraudsters. Because it is unregulated, those who have been hacked and/or scammed have no assurances that they will receive their money back. Around $3 billion was stolen through at least 32 major hacking incidents in 2021, according to Crypto Head, and this is projected to increase substantially in 2022. Phishing and social engineering attacks are the primary types of crypto hacking. Crypto traders should use push notifications to help prevent SIM swap attacks and select secure platforms such as Coinbase, Robinhood, and Crypto.com.