It's that time of the year when we look back at 2022 and try to figure out how next year's threats will evolve!
Cyber attacks delivered via email remain a threat, with attacks on the rise. Cybercriminals are constantly evolving, learning from what works and what doesn't, and tweaking their tricks and tactics accordingly. Some techniques still work on people, believe it or not, and attackers continue to use them today to gain access to your systems. If you want to protect your valuable data, your organization's reputation, your clients, and your employees, you need to be proactive about educating yourself on the most current email threats and the ones expected to spread. Here are the current and future top email threats that may still affect you in 2022:
Phishing attacks rose dramatically in the first quarter of 2022, making up over half of all the cybersecurity attacks globally. An unusual trend in phishing attacks has involved empty subject lines. A recent study shows that almost 70% of email scams left the subject line blank. Other top phishing trends include targeting LinkedIn users, spoofed crypto brands, and big box retailers.
Business email compromise (BEC) attacks
When attackers obtain access to an organization’s business account, they can move through the system discreetly and send emails that seem legitimate. They can send emails to finance department employees and request money transfers. BEC attacks are also often used in fraudulent invoice schemes targeting suppliers, or to obtain personal or sensitive employee and client data.
According to a report by Tessian, 52% of employees have fallen for a phishing scam because the email appeared to have been sent by a senior executive from their company. With impersonation scams, attackers can impersonate trustworthy brands, legitimate organizations, company executives, and managers.
If an attack is designed to trick a human into believing the sender is trustworthy, it’s considered impersonation. But it's considered spoofing when the communication is intended to appear as a known or trusted source to trick a computer or system. With spoofing, your email inbox is tricked into believing the incoming email is legit because it’s been disguised to be from a trustworthy source.
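To make the distinction concrete, here is an added example (not from the original article) of a mail-triage check that labels a message as impersonation, spoofing, or empty-subject. The organization domain, executive name, gateway hostname, and the use of the DMARC verdict in the Authentication-Results header as the spoofing signal are all assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organization's
# domain, its executives' names, and the hostname its own mail gateway writes
# into Authentication-Results (RFC 8601).
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana smith"}
TRUSTED_AUTHSERV = "mx.example.com"

def dmarc_passed(msg):
    # Only a verdict stamped by our own gateway counts; a sender can insert
    # an Authentication-Results header of their own.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and "dmarc=pass" in results.lower():
            return True
    return False

def classify(raw):
    """Return the warning labels that apply to one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    labels = set()
    if not (msg.get("Subject") or "").strip():
        labels.add("empty-subject")
    # Impersonation targets the reader: an executive's name on an outside address.
    if display.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        labels.add("impersonation")
    # Spoofing targets the system: From claims our domain but DMARC did not pass.
    if domain == ORG_DOMAIN and not dmarc_passed(msg):
        labels.add("spoofing")
    return labels

# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": "From: Dana Smith <dana.smith@mail-example.net>\nSubject: \n"
                 "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n\nWire needed today.\n",
    "forged": "From: IT Helpdesk <helpdesk@example.com>\nSubject: Password expiry\n"
              "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
              "Authentication-Results: relay.invalid; dmarc=pass\n\nSign in here.\n",
    "legit": "From: Dana Smith <dana.smith@example.com>\nSubject: Q3 review\n"
             "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n\nAgenda attached.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sorted(classify(raw)))
```

The "lookalike" sample passes authentication for its own domain, which is why impersonation has to be caught by comparing the display name with the address rather than by sender-authentication results.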
Ask an employee why they clicked an email later determined to be a phishing attack, and one out of three times, they will tell you that they were distracted or not paying attention. Factors such as fatigue and stress can also cause users to lower their guard when it comes to cybersecurity.
Logistics-themed and invoice-related scams are some phishing attack themes that still claim victims today. With more people ordering online, attackers are taking advantage of people who are expecting packages. And a good way to get their attention is by using subject lines related to parcel tracking or delivery statuses. Invoice-themed scams typically target finance employees who may be in a position to make quick wire transfers when instructed.
At the height of the pandemic, pandemic response-themed email scams were on the rise as people were eager to stay updated on health department announcements, government protocols, and vaccinations. Other common email scam themes designed to get you to click a phishing link or attachment include emails with a subject line that invokes a sense of urgency or piques your interest by promising a bonus or reward.
Social engineering attacks
Social engineering attacks aim to exploit vulnerabilities in human behavior, using psychological manipulation to trick users into making cybersecurity mistakes. Social engineering may include making false promises and threats. Another social engineering method is impersonating colleagues or authority figures to gain the user's trust. Some sophisticated social engineering attacks involve “deepfake” AI technology, which uses manipulated audio, video, and images of real people.