Hyper-Personalized Phishing Attacks on the Rise
Phishing attacks are flooding in like never before and becoming more sophisticated. In 2023, there was a 47.2% increase in phishing attacks compared to the previous years. The attacks are also spreading beyond emails to text messages, phone calls, and other forms of personal communication.
AI TOOLS
The rise in attacks is attributed to the use of AI tools, which make it easier to craft tailored messages that can deceive even the most security-conscious individuals. This underlies the importance of continuance education and robust security systems to protect sensitive information.
Email is the number 1 delivery method of nearly all malware. Phishing isn’t just about stealing credentials; it also grants threat actors access to sensitive data, which can be exploited. A report by Verizon indicated that 41% of Business Email Compromise (BEC) attacks involve obtaining credentials from phishing.
Phishing actors may use generative AI to create emails that look genuine and polished, so grammar is no longer a red flag. It’s important to look at other aspects such as the length of the email, its intricacy, and so on. Often, the first sign of an email scam is a suspicious sender address. Attackers may use email addresses that look similar to legitimate companies, but with slight variations, punctuation or spelling. If you’re doubtful, call the sender! This will help establish the legitimacy of the email.
DEEPFAKES
Deepfakes, which are hyper-realistic fake videos or audio recordings, are also now being used in phishing attacks to impersonate trusted individuals or officials. This can create convincing messages that seem to come from legitimate sources. Consider using a ‘password’ or ‘safe word’, preferably among close friends and family, to avoid phone scams backed by deepfake technology.
HOW TO PROTECT YOURSELF
You can protect yourself against phishing attacks with proper tools and safeguards. Install security software and keep it updated. Schedule regular backups and enforce password policies. Multi-factor authentication can also be used for some accounts.
Remind employees to avoid emails from unknown senders. If an email looks suspicious, forward it to your IT department or call the sender directly to confirm if it came from them. Do not provide personal information or click on suspicious links. Pay close attention to email content such as spelling and grammar.
At IT360, we take the necessary measures to protect our clients’ and their networks and are here to help with your IT security needs.