Phishing is a type of cybercrime that seeks to obtain personally-identifying information and credit card information by targeting unsuspecting users. It’s a social engineering type of attack whereby the phisher (the perpetrator) uses fake websites and social profiles to obtain information from internet users.
Usually, phishing works when the attacker sends a fraudulent email purporting to come from a reputable company asking for your personal information or credit card information. For instance, a phisher may pretend to be your bank’s representative and call you to obtain personal or financial information.
So, always look out for emails, calls, or websites purporting to belong to reputable companies. And always double-check the recipient’s credibility before handing over any information—whether personal or social. Let’s look at six phishing trends in 2023.
Phishing Trends to Look out for in 2023
1. Voice Phishing
Voice phishing, commonly known as vishing, is a growing phishing trend that’s taking over in 2023. This technique works when a caller (the phisher) pretends to be a bank representative or any other representative and asks you to key in your information on a website.
Spam calls are the beginning of a new wave of cyberattacks whereby the caller acts as an imposter pretending to be someone else and imitates another organization such as the Internal Revenue Service IRS or a credit institution.
Vishing became a serious issue in 2021, and even the FBI issued a public alert. Statistics and documented research show that 60% of organizations receive phishing calls, an increase from 54% in 2020.
2. Spear Phishing
If you receive an email from an unknown bank, you’ll detect the email as a phishing attempt and delete it. However, if you receive an email from your bank, you will likely fall victim to a potential scam.
The difference is that the first attempt was a general phishing attempt while the second was spear phishing whereby the attacker specifically targeted a specific user.
A 2021 report found that spear phishing victims were ten times more likely to click on a link in an email than general phishing email recipients. It’s not surprising that spear phishing is on the rise, and already 79% of organizations are at risk of these phishing attempts.
Smishing is when cybercriminals target their victims by texting. This type of phishing attempt is even more effective than other types of phishing attempts because most users do not have antivirus software on their phones.
Also, there’s a high number of smartphone users making smishing quite a valuable scamming approach. In addition, the fact that most people do not know about smishing makes them even more vulnerable to these targeted attacks.
For instance, an emerging body of research found that 79% of organizations were targets of smishing attacks in 2021, up from 13% in 2020.
So, organizations must review their cybersecurity training programs to include smishing as part of the organization-wide cybersecurity awareness and campaign.
4. Social Media Phishing
Attackers are increasingly innovating ways to penetrate organizations’ sensitive systems and platforms. Part of doing this is through social media phishing which involves someone messaging you on social media and asking you to click a certain link.
Social media phishing works by sending private messages to individuals on social media and asking them to click certain links that redirect them to particular sites. Once redirected, the website asks you to fill in your personal and credit card information.
A new report shows that 74% of organizations were victims of social media phishing in 2021 compared to 13% of the organization in 2020 the previous year. So, it’s evident that social media phishing will be a serious cybersecurity trend in 2023.
5. Invoice Phishing
In this type of phishing, the attacker intercepts a supplier’s or vendor’s systems and steals clients’ payment information. The phisher then emails businesses, pretending to be the supplier, and asks you to send payments to a different account number.
The attacker can also provide a link for you to pay due invoices, and once you fill in your personal and credit card information, they steal this information and siphon money from your bank accounts.
6. Tax-Based Phishing
Tax-based phishing is an emerging phishing trend to look out for in 2023. This phishing works by receiving an urgent email claiming to come from the internal revenue service IRS. The email claims there are due amounts and asks you to log in to a site immediately and pay your taxes.
When you access the site to check your due taxes and pay due amounts, the attacker preys on your credit card information, personal information, and other valuable data and drain your accounts.
So, it’s advisable to always look out for emails claiming or purporting to come from reputable organizations or governments, including the Internal Revenue Service IRS.
Bastionpoint – Your Leading Cyber Security Provider
Bastionpoint is a leading cybersecurity provider that helps small businesses and large organizations build their cybersecurity posture. We work with all types and sizes of enterprises to identify their cybersecurity needs and design security solutions that are best suited to emerging areas of risks and threats. Contact Bastionpoint for time-to-value cybersecurity solutions.