UPDATED for 2023: Click here to read the top 10 email scams to be aware of in 2023.
Phishing emails are increasing in 2022
Cyber security training experts, Boxphish, take you through the common Phishing emails to look out for in 2022.
Through recent years Cyberattacks have been on the rise and are ever rising still. One of the most common types of these being fake emails, aimed to grab your interest, have you click a link and then direct you to a spoofed website to steal your data, among other things. These are known as Phishing emails.
There are many versions of Phishing emails, not only as described above, and cybercriminals are coming up with more and more ways each year to fool their targets. So, with that, let’s take a look at what you, the user, should be looking out for in the new year.
Let’s look at the latest Phishing data in 2022:
- 75% of Organisations around the world experienced a Phishing attack in some form
- 96% of Phishing attacks arrive by email
- 80% of security breaches are caused by Fraudulent emails or websites
- £16.1k is the average cost of a data breach for SMEs in the UK
- One in every 3,722 emails in the UK is a phishing attempt (20% higher than the global average)
- 32% of UK companies have cybersecurity insurance that doesn’t cover ransomware
- Just 31% of UK organizations have done a cyber risk assessment in the last 12 months
Fear not as there are many ways to spot Phishing emails and the best defence against these criminals is to be educated on what to look out for. So, let’s go through a few.
Spear Phishing is best used as a term to describe a targeted Phishing attack. The criminals will gather data on an individual, whether it be their Name, Company, Position, or their phone number, among others. Much of this data is pulled from social media, LinkedIn being the one of the most prevalent as it is business oriented and contains information on the target including current workplace and details of their job role.
The Cyberattacker will use the information gathered to craft a specific email for their target to trick them into thinking it’s from a brand they know, or someone they know within their organisation. They can take the form of anyone, so be extra vigilant.
Account takeover is a type of phishing where the attacker takes a list of email addresses and sends fake emails in mass to everyone on the list. This is an extremely common phishing method as it requires little to no research and is more about casting a wide net for a few fish to be caught.
You will often see these as generic emails from well-known brands/companies such as Amazon, Google, etc. The links within these emails will take the victim to a fake website in an attempt to steal their credentials and or any other information they may input, depending on the site.
The best way to spot these is to check any the redirect link, whether the URL is a spoof and any spelling errors on the email.
What is Pharming and how is it different to Phishing?
As more and more users become more educated on traditional phishing scams, cybercriminals are turning to other methods such as pharming.
Pharming is when a websites traffic is manipulated so that the user hands over their confidential information. Basically, the attacker produces a fake website and redirects the user to it.
Back in 2014, Team Cymru uncovered a pharming attack. It was found that over 300,000 small business and home office routers were affected. The campaign used man-in-the-middle (MitM) attacks to overwrite the victims’ DNS settings and redirect URL requests to sites under the attacker’s control.
We will cover ways to protect yourself from this in another blog. However, here are a few useful tips:
- Use reputable websites
- Have an anti-virus and malware programme installed
- Use a reputable internet service provider
We hope this quick overview of Common Phishing emails to look out for in 2022 has given you the knowledge to begin your journey into further educating yourself on ways to avoid such scams.
If you feel you or your organisation would benefit from Phishing Training services and everyday cybersecurity, please contact us here at Boxphish at Hello@boxphish.com.