At DuoCircle we like to stay up to date on the latest phishing tactics so we can share them with you to keep you prepared. And we never cease to be amazed at the cleverness of hackers.
One of the fastest-growing email threats is account takeover, where a hacker takes over someone’s email account. Once they do, they have a lot of options, and one of the options they’re starting to choose is something called lateral phishing.
According to an article on Computer Weekly, “lateral phishing uses hijacked accounts to send phishing emails to an array of recipients in the account’s contact list, ranging from close contacts in the company to partners at other organisations.”
This tactic is particularly difficult to defend against because the emails are, in essence, legitimate: they come from a trusted account. You will need technology to protect yourself against this form of attack because no amount of awareness training will help.
Another phishing tactic being rolled out is one that uses LinkedIn invites to deliver malicious documents. According to an article on the SC Magazine website, “Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families. So far the campaign has targeted the energy, utilities, government, oil and gas industries with the threat actor utilizing their tried-and-true techniques to breach targeted organizations.” Be wary of LinkedIn invites with attachments.
Perhaps the most clever new phishing tactic we’ve come across is one that doesn’t even require you to click on anything. According to Extreme Tech, “All you need to do is hover your mouse over the wrong link. The one saving grace here is that we’re not talking about any old link on the internet. These are links embedded in Microsoft PowerPoint presentations. Anyone using an older version of PowerPoint or a new one with Protected View disabled is vulnerable.”
Finally, no list of the latest phishing tactics would be complete without some new way to attack an iPhone. This time it’s hackers going after owners of lost or stolen iPhones. They use the phone’s number to send the owner a message, seemingly from Apple Support, saying that the iPhone has been found.
According to an article on iOSHacker, “The message also contains a web link that the message claimed will allow the victim to view the current location of his iPhone. When the link is clicked it opens a very Apple-style web page asking the user to enter his Apple ID username and password. Turns out the whole message and the website it is pointing to is fake.”
“The whole story is pretty bizarre and shows how tech-savvy iPhone thieves have become, since sending a fake message that appears as if it was sent by ‘Apple’ and setting up a fake site requires considerable tech knowhow.”
There’s no way anyone can stay on top of all the new phishing tactics coming at us constantly. That’s why we need help. Phishing awareness training is good. But do you know what’s better? Phishing Protection from DuoCircle. It comes with ransomware and phishing protection. It blocks malicious websites and includes real-time link click protection. Try it risk-free for 30 days.