Phishing is the most common type of successful cyberattack, which makes it a real threat to businesses of all types and sizes.
While phishing emails target both individuals and organisations, their impact on organizations can be significant, including recovery costs, loss of reputation, data breach fines, and decreased productivity.
The magic formula behind phishing emails is that they rely on simple psychological tricks, natural human responses, seasonality or global trends.
This makes them hard to detect and increases their chances of stealing users’ sensitive information or credentials (using fake links or malicious attachments).
Today, as cybercriminals constantly update and polish their phishing scams, poor security practices and lack of employee phishing awareness make users more susceptible to these threats.
“Sophisticated phishing emails are behind more than 90% of successful cyberattacks” — Mike Rogers, US Chamber of Commerce’s cybersecurity summit.
HOW TO PROTECT YOUR USERS AGAINST PHISHING EMAILS?
- Phishing Awareness is your users’ first line of defence against phishing emails. Make sure they’re aware of current phishing trends and how to spot and deal with them.
- Email Filtering: Email filtering methods vary from whitelisting certain senders to enabling pre-delivery email scanning services.
- Use Anti-phishing Tools like GAT+ to save your domain from further damage if a phishing email ever gets in.
GAT+ enables Google Workspace Admins to instantly remove phishing emails from every account on their domain if one ever gets in, thereby preventing further damage.
6 TYPES OF PHISHING EMAILS TO KEEP AN EYE ON IN 2022
Complementing our awareness post The 5-Tell Tale Signs of a Phishing Email, make sure to share the list below with your users too:
1. PANDEMIC RELATED PHISHING EMAILS
“Malicious emails are up to 600% due to Covid-19” — IBM and Ponemon Institute 2021 study.
Basically, if there’s a worrying topic related to the pandemic, cyber criminals have sadly found a way to capitalise on it.
Keywords to look out for include: New variant details, Vaccination schemes, Booster shots, Health department guidelines.
2. BRAND IMPERSONATION PHISHING
Brand impersonation is one of the most common (and successful) types of phishing emails, and we don’t expect it to go anywhere in 2022.
Attackers trick you into thinking they’re someone you can trust enough to give out confidential information to, or click on links they provide.
ALWAYS double check the sender’s email first for inconsistencies.
If it doesn’t look right, check with the brand right away via the official contact details provided on their website.
Keywords to look out for include: Reset Password Required, Update payment information, Click on links, etc.
3. DELIVERY OR CUSTOMS PHISHING
Postage-themed phishing emails have been making the rounds recently, whereby scammers ask you to pay a fee or track a fake package via a malicious link.
Be careful because these emails most often also integrate brand impersonation of well-known postage services, which makes them look more legitimate.
Keywords to look out for include: Failed delivery attempt, Pending customs fees, Tracking links of items you don’t recall ordering.
4. EMAILS REFLECTING URGENCY OR REWARD
If an employee receives an email about a promotion or data breach, more likely than not they’ll open it. It’s a natural human response, which is why these phishing emails get the most clicks.
Email subject lines requesting further actions with a sense of urgency or reward are a phishing classic — even with changing times, trends and subject lines.
Keywords to look out for include: Save your account, Grab your Bonus, Immediate Action required, Your Data will be lost.
5. INVOICE-THEMED PHISHING
This type of phishing email has been especially targeting Finance employees, preying on their sense of responsibility to check and investigate any payment issues.
They then use fake links, attachments or even PDF files (see below) to steal your credentials, spread malware, etc.
Keywords to look out for include: Overdue Invoice, Update Payment details, Pending Invoice, PO Attached.
6. TAX RELATED PHISHING EMAILS
Finally, fake tax related phishing emails have been super common recently, especially during tax season.
They usually seek things like your Social Security Number, Banking details, or any other confidential information that can be used to impersonate you or hack your account(s).
If you receive a suspicious email purporting to be from a taxation entity, always further investigate before taking any action.
If you’re actually awaiting a tax or wage subsidy refund, contact your tax office first to check its status.
Keywords to look out for include: Your TAX Return for Year X, TAX Account Restricted, TAX Payment Deducted, TAX Refund Due, Update TAX Information.
While phishing emails keep changing to reflect the issues users care most about, if you look closer you’ll notice that the tell-tale signs don’t change much.
To protect your users and organisation against all types of phishing emails:
Increasing your users’ awareness of phishing is STEP ONE.
Deploying email filtering measures is STEP TWO.
And using Anti Phishing Tools for damage control is STEP THREE.
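For the filtering step, here is a small triage sketch that combines the subject keywords listed above with the "double check the sender's email" advice from the brand impersonation section. It is an added example, not GAT+ code or anything from the original post; the brand name `ExamplePost`, its domain and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Subject phrases taken from the article's six categories (lower-cased).
KEYWORDS = {
    "pandemic": ["new variant", "vaccination", "booster shot", "health department"],
    "brand": ["reset password", "update payment information"],
    "delivery": ["failed delivery attempt", "pending customs fees"],
    "urgency": ["save your account", "grab your bonus",
                "immediate action required", "your data will be lost"],
    "invoice": ["overdue invoice", "update payment details",
                "pending invoice", "po attached"],
    "tax": ["tax return", "tax account restricted", "tax payment deducted",
            "tax refund due", "update tax information"],
}

# Assumption: brands your users deal with, mapped to the domains they really send from.
KNOWN_BRANDS = {"examplepost": {"examplepost.example"}}

def triage(raw_message):
    """Return review flags for one raw email; an empty list means nothing matched."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").lower()
    display, address = parseaddr(msg.get("From") or "")
    domain = address.rpartition("@")[2].lower()
    flags = [f"keyword:{category}" for category, phrases in KEYWORDS.items()
             if any(phrase in subject for phrase in phrases)]
    claimed = display.lower().replace(" ", "")
    for brand, domains in KNOWN_BRANDS.items():
        # Display name claims the brand, but the address is not on a brand domain
        # or one of its subdomains: the inconsistency the article says to check.
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not genuine:
            flags.append(f"sender-mismatch:{brand}")
    return flags

# Constructed sample messages.
SAMPLE_DELIVERY = ("From: ExamplePost Delivery <notify@examplepost-tracking.example>\n"
                   "Subject: Failed delivery attempt - pending customs fees\n\nbody\n")
SAMPLE_GENUINE = ("From: ExamplePost <noreply@mail.examplepost.example>\n"
                  "Subject: Your parcel was delivered\n\nbody\n")
SAMPLE_TAX = ("From: Revenue Office <refunds@tax-office.example>\n"
              "Subject: TAX Refund Due - Immediate Action Required\n\nbody\n")

if __name__ == "__main__":
    for sample in (SAMPLE_DELIVERY, SAMPLE_GENUINE, SAMPLE_TAX):
        print(triage(sample))
```

A keyword hit on its own only marks a message for review, since legitimate mail uses the same phrases; the sender mismatch is the stronger signal.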