2022 Phishing Scams: The 2 Latest Ways That Your Company is at Risk of Being Phished

2022 is trending in exponential and upward growth in phishing scams. According to the Agari and Phish Labs Quarterly Threat Trends & Intelligence mentioned in a recent tripwire.com article, phishing cases are increasing substantially and gaining headway in a different direction. While the financial sector achieved the highest volume of phishing incidents compared to Q1 2021, the technology sector was under the most attack in Q1 2022.

The findings are quite alarming, with four digital platforms impacting companies quite significantly:

  • Social media (21.5%)
  • Webmail/online services (5.5%)
  • Ecommerce (1.9%)
  • Cloud Storage/Hosting (1.7%)

Whether in the technology, financial, or any other sector, you need to be up to date and prepared for the latest phishing trends. Threat actors are evolving and adapting to modern technology, and increased safeguards. So, to prepare you for the next phishing attack, we’ve provided some of the latest methods bad actors use to infiltrate your unsuspecting employee’s data.

Chatbots

Chatbots were often only implemented within support parameters or a method to provide a sense of connection without a physical customer service rep. Bleeping Computer recently reported how threat actors are exploiting chatbots for personal gain. These cyber-criminals are integrating automated chatbots into their phishing tactics—the goal is to gain unsuspecting users’ trust into handing over their login credentials.

How the scam is done:

  • First, an unsuspecting victim will receive an email from a carrier discussing information about parcel delivery.
  • Next, the user is instructed to click on a link to “follow our instructions.”
  • Then, a pdf file is generated containing links to the phishing site.
  • After that, the user clicks the link, redirecting the victim to a webchat.
  • The chatbot explains that the package’s label was damaged, preventing delivery. Photos of the box are provided for legitimacy.
  • Next, the chatbot requests the victim to provide personal details such as an address, full name, phone number, etc.
  • After that, the delivery is “scheduled,” and a fake CAPTCHA step is displayed again for legitimacy.
  • After that, the victim must provide credit card details to cover the shipping costs.
  • Finally, once the victim provides payment information, the user receives a “Thank You” message via SMS, reestablishing the legitimacy.

How you can protect yourself:

  • Always open the actual delivery service website on a new browser instead of clicking the links.
  • Log into your account on the trusted platform for any pending alerts.
  • Examine the URL for the website.
  • Contact a shipping carrier customer support agent yourself.

FB messenger scam

According to a recent threat post article, a Facebook messenger phishing scam has been duping victims for over ten months. Researchers at PIXM Security generously project nearly $59 million in projected revenue from Q4 2021 to the present day.

How the scam is done

  • First, the victim receives communication electronically to connect to a Facebook login page.
  • Next, the user logs into their Facebook credentials, which automatically transmits to the threat actor.
  • Then, the bad actor logs into that Facebook account and sends a link to all the user’s Facebook friends via Facebook Messenger.
  • Finally, the unsuspecting message recipients are redirected to advertisements and surveys. Each of these pages generates referral revenue for the threat actor.

How you can protect yourself

  • Don’t click on any suspicious links from Facebook messages.
  • Reach out to your Facebook friend directly through another mode of communication.
  • Be vigilant if this is a scam; a threat actor can impersonate your friend via Facebook messenger through any communication.
  • Report the scam to Facebook.

Your organization’s data should not be left to chance. Unfortunately, any number of the previous phishing methods can dupe even the most experienced employee. For this reason, you need a guide to help your team know all the attack methods and how to mediate them. Our cybersecurity team is highly trained to protect your data from the next cyber threat and educate your company, so nothing is left up to chance.

As a security first IT solutions provider, Mentis includes with managed services many of the controls (EDR endpoint security, MFA for hosted email and all points of entry, hardened email filtering and encryption, DNS filtering, Zero Trust endpoint protection, and Security Awareness Training and Phish Testing) necessary to secure your organization. If you’re ready to keep your business and employees safe, contact us here.