Phishing Trends Examined by the SANS Institute

Earlier this year, the SANS Institute published a blog exploring emerging phishing trends. This kind of research is an invaluable resource for all individuals and organizations looking to identify and rebuff phishing attacks. In this article, we’ll cover some of the key findings from that report. 

Changing Platforms

Traditionally, phishing attacks relied on email as a primary communication channel. However, in recent years, attackers have shifted toward other messaging technologies such as Apple iMessage, WhatsApp, and SMS. These platforms often lack robust filtering capabilities, making it easier for scams to go undetected. Additionally, the concise nature of text messages can make it challenging to discern legitimate messages from phishing attempts. Therefore, organizations must emphasize to their employees that phishing attacks can now occur through various messaging technologies, not just email.

Changing Goals

Traditionally, phishing attacks aimed to infect victims’ computers with malware. However, as security defenses have become more adept, attackers have shifted their objectives. Today, the three primary goals of phishing attacks include:

• Password Harvesting: Phishers frequently attempt to trick individuals into clicking on a link that directs them to a fraudulent website designed to steal their login credentials. Once obtained, attackers can misuse these credentials to cause substantial damage while remaining undetected.
• Phone-Based Attacks: An increasing number of phishing attacks do not include links or attachments but focus on manipulating victims to call a specified phone number. Attackers employ social engineering tactics, such as emotional manipulation, to coerce individuals into revealing sensitive information, making unauthorized purchases, or transferring funds to attacker-controlled accounts. Although these attacks require significant effort, they can yield substantial financial gains.
• Scams: Many phishing emails now omit links or attachments and instead employ impersonation tactics to deceive recipients. These short, impersonating messages often imitate someone the victim knows or trusts, such as a boss, coworker, or a familiar company. Business Email Compromise (BEC) attacks exemplify this approach, in which attackers deceive victims into performing actions without the need for malicious links or attachments.

Understanding the types of phishing attacks your organization encounters is crucial. Collaboration with your Cyber Threat Intelligence team, Email Support team, or those responsible for email filtering and perimeter defenses can help identify the prevalent threats. Anti-phishing solutions can also provide insights into the types of attacks your organization faces.

Preventing Phishing Attacks

Educating your workforce on the most common indicators and clues of phishing attacks is essential. It’s not feasible to train employees on every phishing attack and lure, as attackers continually adapt their tactics. Focus on the indicators that transcend the method or lures used by cybercriminals. These common indicators include:

• Urgency: Emails or messages that create a sense of extreme urgency, pressuring recipients to take hasty actions, often with threats of negative consequences, usually indicate a phishing attack. For example, fake messages from government agencies claim overdue taxes and potential legal consequences.
• Pressure: Messages that pressure employees to disregard company policies and procedures, pushing them to act inappropriately, are also a red flag. BEC attacks, which manipulate individuals into making unauthorized financial transactions, are a prime example.
• Curiosity: Emails or messages that exploit recipients’ curiosity or offer enticing opportunities that seem too good to be true typically betray a phishing attack. Examples include messages claiming undelivered packages or refunds from well-known companies like Amazon.
• Tone Discrepancy: Emails or messages that appear from a known sender but exhibit a tone, wording, or signature inconsistent with the sender’s typical communication style are usually phishing scams.
• Generic Salutations: Messages purportedly from trusted organizations but addressed with generic salutations such as “Dear Customer” instead of personalizing the recipient’s name indicate a potential phishing attempt.
• Personal Email Addresses: Emails that purport to come from legitimate sources but use personal email addresses (e.g., @gmail.com) rather than official company domains are often phishing.

While these common indicators help protect against various phishing attacks, it’s essential to avoid relying on outdated indicators:

• Misspellings: Poor spelling and grammar are no longer reliable indicators, as legitimate emails with errors have become common, and attackers increasingly produce well-crafted messages.
• Hovering Over Links: Hovering over links to check their legitimacy is not recommended, as it may require teaching recipients how to decode URLs, which can be confusing and technical. Many links are obfuscated by security solutions, and this method is difficult to employ on mobile devices.

As phishing attacks evolve, staying informed about emerging trends is vital for maintaining effective defenses. Threat actors are exploiting new modalities and goals, making it essential for organizations to educate their workforce about the evolving nature of these attacks. Understanding the most common phishing indicators and adapting to the changing landscape is crucial in the ongoing battle against cyber threats. By doing so, organizations can enhance their security posture and reduce the risks associated with phishing attacks.