Phishing is one of the most common types of cyber attacks, affecting individuals and businesses without prejudice. These schemes involve a malicious actor trying to dupe the recipient of some form of communication – be it email, text, social media message, or something else – that appears to be legitimate but is actually malicious communication. A phishing email may include a dangerous link that, when clicked on, downloads malware onto the user’s device, infecting it and the network it is connected to. Other phishing scams may involve the sender making time-sensitive demands that cause the recipient of the transmission to panic and not think as rationally as they would if not under such urgent pressure. The consequence of “or else” is often heavily implied or even outright stated by the malicious actor perpetrating the scam.
A phishing email can be recognized by the suspicious links and urgent requests, but also by the sender being someone unknown to the recipient and yet another sign that a message is phishing for something else is that the body of the message will be incoherent or grammatically poor. Phishers, just like other cyber scammers, are having to get more and more creative and sophisticated in their approaches to trying to dupe people since more and more of us know of phishing scams. With that, there are various trends that can be observed in the realm of phishing – below, we will take a look at just a few of the many trends seen in this cyber attack in July of this year.
“Quishing” – Quishing is the name attributed to QR phishing scams. QR codes are all over nowadays, from restaurant menus to ads on TV to coupons for local shops, it is nearly impossible to not see a QR code when out and about. QR codes are an easy target for malicious actors because unlike the traditional HTML link which shows the name of the website, a QR code is just a square barcode so the scanner does not know for sure if it is legitimate or not until the link has been scanned. Before scanning a QR code, verify its legitimacy with the company or individual sharing it with you; if you can’t do this, see if there is an alternative way to get to this link’s destination.
Google Docs Phishing – A new Google Docs phishing scam has complicated things for users of Google Workspace as this scheme is a bit different than your typical phishing attack. In this phishing attempt, malicious actors share a malware-ridden Google Doc with unsuspecting victims. This then generates a genuine email from Google stating that the person has a new document shared with them; users can try to avoid this scheme by not clicking on the links in this Google-generated email and instead, going to their Google Drive directly, clicking on the “Shared With Me” folder, and checking that the sender tied to the file is a recognized, legitimate person.
Amazon Prime Day Phishing Schemes – Just as the Winter holiday season brings on targeted phishing scams, so does a massive online shopping event such as the two-day Amazon Prime Day sale. Phishers have taken on a couple approaches to trying to capitalize on shoppers looking for deals - one is an email scam which appears to come from Amazon with links to deals; when clicked, the malicious link leads users to a fake landing page and malware then infects the computer. The other approach involves simple typos - malicious actors take over sites that are close to the legitimate “amazon.com” such as “amazon.con” or “amazom.com” in hopes that individuals accidentally type in the wrong address when going shopping. Be sure to double check your spelling of the site before going shopping in order to avoid falling for malicious schemes.
Phishing attacks have reached an all-time high recently, so it is especially important to be vigilant in paying attention to the telltale signs of a scam as well as staging up-to-date on the trending threats out there. Keep up with the Tego blog and social media posts to ensure you’re staying informed on the latest trends in cybersecurity.
Image by vectorpouch for Freepik.