Would You Recognize Phishing’s New Face?

Phishing hooks grabbing user information

What began decades ago as simple spam, designed to trick recipients into visiting sites and becoming customers, has since morphed into a worldwide criminal industry. Centered on social engineering — manipulation through deception — phishing has become not only the most used initial attack vector in data breaches today[1], but also the No. 1 internet crime by victim count.[2] An overwhelming majority of organizations (88 percent) cite having experienced phishing attacks.[3]

Yet, despite the volume of discussion surrounding phishing, much of the information that circulates becomes out of date quickly. Cybercriminals are continually inventing new strategies to penetrate organizational defenses and gain victims’ trust. As if it is not already challenging enough for security teams to keep up with the latest phishing techniques, they also need to ensure their users — who are often the victim of phishing emails, are educated on how to spot an email-borne threat.

Download Now: Phishing Awareness Posters

Hackers are increasingly relying on credentials they’ve stolen via phishing attacks to access sensitive systems and data. That’s one reason why breaches involving malware have decreased by over 40 percent.[4]

The top five “types” of data compromised in a phishing attack are4:

  1. Credentials (passwords, usernames, pin numbers)
  2. Personal data (name, address, email address)
  3. Internal data (sales projections, product roadmaps)
  4. Medical (treatment information, insurance claims)
  5. Bank (account numbers, credit card information)
Example of social engineering phishing attempt
Figure 1. Example of social engineering phishing attempt

Detect New Phishing Techniques

In 4 Trending Phishing Techniques and Tips for Detection, LogRhythm’s cybersecurity experts take an in-depth look at the new face of phishing. They discuss some of the newest and most effective phishing techniques being leveraged by cybercriminals and how forward-thinking organizations can stop them in their tracks. These include the new phenomena of malware-less emails and CEO-impersonation fraud, with expert advice on the critical information every organization needs to remain safe from these types of attacks and more.

In addition to exploring some of the most important manipulation techniques, the authors examine the importance of hardening the human attack surface: namely, making sure that employees are equipped with all the information they need to detect a phishing attack at speed. By taking advantage of the right digital security tools and educating users on how phishing content differs from that of legitimate emails, organizations can stop most attacks dead in their tracks.

Read the full paper to learn how to detect new phishing attacks techniques and gather details around the attack, so your team will become more resilient to future and evolving attacks.

Read the white paper and more here.

 

 

 

[1] Data Breach Investigations Report, Verizon, 2019

[2] Internet Crime Report, FBI, 2020

[3] State of the Phish Report, Proofpoint, 2020

[4] 2020 Data Breach Investigations Report, Verizon, 2020