Go back Trends & News

Phishing Trends for Business in 2019

By Matheus G. Loyola on July 26, 2019

Phishing attacks are often simple but dangerous. Using an email or facade site, cybercriminals find a way to con Internet users in order to steal their data.

In 2019, such attacks will be more sophisticated, humanlike, and comprehensive. The result? In addition to threatening the online security of ordinary users, phishing will be increasingly focused on another target: business. By 2017, about 76% of  companies had already suffered from this type of scam, and there’s since been a dramatic increase.

In the list below, we point out the types of phishing attacks that will likely prevail in 2019 and the basic measures you can take to protect yourself.

 

1 - Spear Phishing


The convenience and benefits of cloud services are essential to a business, but one must also invest in security, since this type of technology will be a major target for cybercriminals in 2019.

According to Hoxhunt, phishing cases targeting SaaS (Software as a Service) grew by 237% last year. The attacks function in a conventional way: In order to steal data, an email or website embeds itself in an institution that the user trusts. However, instead of targeting bank credentials, the cybercriminals want logins for services such as Office 365 and G Suite. It’s worth emphasizing that the attack can be very harmful to the company; after all, with only one login the hackers can have access to all available data.

How can you protect yourself? The first tip is to adopt basic defense mechanisms, such as two-step verification. Also, it’s good to remain alert and never enter sensitive data, such as logins and passwords, on suspicious pages.

 

2 - Phishing with real-time chat


Another phishing scam that targets businesses is the Business Email Compromise (BEC), a fast-growing mode of attack that doesn’t use ready-made emails, fake sites with fields for data to be entered, or even clickable buttons. All the action takes place in real time.

Cybercriminals affiliate themselves with a person from the corporate world, or someone such as a co-worker or boss with a position close to the victim, and start sending emails as if it were a normal conversation. This type of attack aims to steal more specific information, which is usually given during the chat after the criminal earns the trust of his target. In 2018, BEC attacks increased 55% over the previous year and caused US $12 billion in losses worldwide.

A similar scheme—phishing by phone—increased 45% in the United States last year. Using a bot that chats in real time, cybercriminals employ the names of banks and providers to get the victim’s data.

How can you protect yourself? Although the messages sent in this type of scam are personalized for the victim, a simple way to unmask the fraud is to verify the credentials of the person who is talking to you, checking to see if the email or number that contacted you is genuine. Another way is to confirm the identity of the interlocutor. For example, if your boss's name is being used in a BEC scam, contact him in person or through another communication channel before giving your data to a suspicious caller.

 

3 - Sites with HTTPS


More traditional phishing attacks, which create fake websites to steal information, will deploy a security measure as a weapon in 2019: the HTTPS. Starting last year, Google began to designate sites with a green padlock next to the address as "secure connections." But this ensures only that the exchange of data with the domain is encrypted.

 

4 - Social network bait


In addition to emails and websites, another method that’s increasingly being used for phishing is messaging applications, from social networks like Facebook to communication apps like Skype and WhatsApp.

Schemes on social networks vary and can strike via bot messages, fake accounts, and even fake ads that appear in the user's feed. According to Phishlabs, the number of attacks through social media channels tripled in the past year, growing so fast that some experts believe these methods will exceed emails in the future.

In this environment, the first step to protect yourself is to distrust bots and accounts that ask for sensitive information. In the case of ads, our advice is to investigate the company that’s promoting the publications before handing over any data. Facebook, for example, has a button that shows more  details  about  the ads appearing to the user.

 

How can you protect your company?


Axur has a solution for phishing, where we monitor your brand to identify and remove sites that may host phishing, and which can harm your customers and their relationship with your brand. Would you like to know more? Request a demo of our Axur One monitoring platform.