How to Stay Ahead of Creative Phishing Tactics
- Post by Janet Gehring
- August 22, 2022
Creative phishing tactics are on the rise. Cybercriminals are constantly updating their tricks, techniques and procedures to bypass various security measures. Since up to 90% of data breaches begin with phishing, here’s what’s new out there and how you can stay ahead.
A recently discovered and currently active attempt targeting Microsoft email users is just the latest example of how persistent the threat is. In some cases, business emails of executives have been compromised and their addresses were then used to send more phishing emails. This ongoing phishing attack can even bypass multi-factor authentication (MFA).
Speaking of MFA, be aware of a tactic called “prompt bombing”. This can take the form of receiving repeated notifications on your phone to confirm a sign-in. The goal is to annoy you and wear you down so you approve the sign-in, allowing the bad guys to break through the MFA. If you didn’t initiate a sign-in, deny any notification asking you to allow it.
Another new approach is pairing a phishing email with a follow-up phone call. According to a new IBM report, a standard email-only attack yielded a 17.8% click rate from its target audience. When cybercriminals paired the same email attack with a matching phone call campaign, the click rate increased to 53.2%. That’s three times the email-only click rate! By combining different tactics, cybercriminals can make their messages seem more credible and urgent. Don’t be fooled.
Reminder: If you *clicked* on an email that turns out to be malicious, report it to your IT provider immediately. Don’t delay – it only takes minutes to cause serious damage.
On the bright side, all unwanted email isn’t malicious. It may just be an offer for something you don’t want. Use these tips to keep those emails out of your Inbox, too.
The tools you use (spam filters, password managers, email multi-factor authentication, etc.) along with your ability to identify potentially dangerous emails, phone calls (and texts) will continue to help you stay ahead of creative phishing tactics.
To learn how CRU Solutions can help keep your business more secure, contact us.