Many cybercriminals are exploiting the coronavirus (COVID-19) pandemic to launch successful phishing attacks, according to the "2021 Phishing Intelligence Report" from cybersecurity training provider Phished.
Key takeaways from Phished's report include:
- COVID-19 ranked first among the most popular topics used in successful phishing attacks, followed by office and IT topics.
- 22 percent of employees are likely to expose their organization to data breaches via successful phishing attacks.
- Among employees who open a phishing message, 53 percent are likely to click a malicious link contained within it. If a message contains an attachment, 7 percent of recipients will download and open it.
- Employees in the public sector are 3 percent more likely than those in private sector to fall victim to phishing attacks.
In addition, cybercriminals are using phishing kits and other advanced tools and techniques to launch phishing attacks, Phished indicated. As such, organizations must take appropriate steps to keep pace with evolving phishing attacks.
Phishing Attack Trends to Watch in 2022
Expect cybercriminals to continue to use COVID-19 topics to launch phishing attacks in 2022, Phished stated. Also, cybercriminals may exploit various phishing strategies in 2022, including:
- Deepfakes: Tools are available that allow cybercriminals to create deepfakes that imitate a victim's voice and face.
- QR Code Fraud: Hackers use fake QR codes during man-in-the-middle attacks to illegally gain access to victims' bank accounts.
- Smishing: With smishing, cybercriminals use SMS messages to get victims to click on malicious links.
- Vishing: During vishing attacks, a cybercriminal imitates a call center representative and discusses a problem with a victim in the hopes of obtaining their sensitive information.
Organizations must provide their employees with ongoing cybersecurity awareness training, Phished CEO Arnout Van de Meulebroucke said. That way, they can help employees increasingly recognize sophisticated phishing messages.