[Image: a variety of phishing attacks. Illustration by Derrick Deepak Roy]

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore phishing attacks and how they’ve evolved in recent times.

Way back in the 1990s, or so the story goes, users unwilling to pay for access to the internet would hunt for others’ login credentials to keep browsing for free. They’d pretend to be ISP administrators and try to trick people into giving up their login credentials via email.

Then came the Love Bug of 2000: a seemingly harmless love letter that would unleash a worm onto unsuspecting victims’ systems. It’s been more than 20 years since, and while the overall game is the same, the stakes are significantly higher.

Instead of free access to the internet, or “pranks” to ruin someone’s system, phishing attacks today have much more insidious aims. These attacks often strive to cause tremendous damage to people, businesses, and governments alike.

What’s more, the attacks themselves have evolved. Today we have smishing (SMS-based phishing) and vishing (voice-call-based phishing) as well, which are often used together or alongside phishing emails to increase their chances of success.

Then there is spear-phishing: targeted attacks powered by the wealth of personal information available online, either via social media sites or other less public (and less legal) sources.

Today, due to the massive transformation in our way of working over the past two years, these attacks are as prevalent as ever. In fact, according to ManageEngine’s Digital Readiness Survey 2021, more than half the organizations across the globe saw an increase in phishing attacks in the wake of the pandemic.

Since this problem isn’t going away anytime soon, it’s best to keep abreast of the latest tricks attackers may use. So here are five articles about the never-ending evolution of phishing.

1. More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020
The shift to a hybrid work environment has made organizations more vulnerable to phishing attacks. Additionally, there seems to have been a decline in awareness regarding these threats, resulting in an increase in successful attacks.

2. Novel phishing method deceives users with ubiquitous IT support tool
Remote access software is a key tool in an IT technician’s toolbox in organizations with remote or hybrid workforces. Now, it could also play a key role in future phishing attacks.

3. Microsoft Teams is the new frontier for phishing attacks
According to security researchers, collaboration tools are a growing opportunity for attackers targeting corporate employees. The “implicit trust” most employees have in these tools could increase the chance of a successful attack through this vector.

4. QR code scams are on the rise. Here’s how to avoid getting duped
QR codes are becoming ubiquitous across the world, and cybercriminals are taking note. In a spin on traditional phishing attacks, QR codes are now being used to dupe people into giving out their financial or other personal details.

5. Microsoft warns of emerging ‘ice phishing’ threat on blockchain, DeFi networks
Web3 and other decentralized technologies could revolutionize the way the internet works. In the meantime, cybercriminals are finding new ways of scamming people out of their money.

As you can see, whether it’s on today’s internet or the currently amorphous Web 3.0, phishing won’t be going anywhere anytime soon.

Awareness is a key part of defending against these attacks. So, make sure your colleagues are aware of how to detect and handle a phishing attack—and ensure your security team is equipped to mitigate the risk and damage of any phishy business in your network.