
2021’s Most Successful Phishing Ploys (So Far)


Fishing competitions take place all over the world. Anglers try all kinds of strategies to land the big one. Phishing plays a similar game. Cybercriminals devise and constantly revise their strategies to land a big fish of their own – access to financial data, the ability to lock users out and hold them to ransom, or the ability to disrupt societal infrastructure.

The latest ploys are laid out in the Q1 2021 top-clicked phishing report.

As you can see, businesses are very much in the crosshairs as they are likely to bear the most fruit in the form of data and personally identifiable information. Predictably, password scams top the list. This makes sense given the insanity of endless passwords for a litany of sites. Once users get comfortable with current rules, it is not uncommon for users to receive a rash of emails from different sites expressing changes to password and security policies. That, in turn, leads to passwords being changed more often, and of course, more characters of growing complexity being added. No wonder this is a big area of user annoyance, disagreement, and frailty. The bad guys are latching onto it.

Think about it for a moment. Your average techie may be enamored

“The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check,” said Stu Sjouwerman, CEO, KnowBe4. “Always check with your IT department through a known good phone number, email address or internal system before clicking on an email related to checking or changing a password because it only takes one wrong click to cause monumental damage.”

Further targets for cybercriminals include HR traffic. HR departments have been busy during the pandemic. Many attempted to make up for lack of onsite presence

IT department traffic is another area of phishing success. With so much remote work being done, IT departments have been forced to be more vocal than before. The bad guys are tapping into this area with subject areas about server downtime, email account deactivation, and various tests being conducted. Scanned images and package delivery notifications are further sources of phishing success, as are social media messages – LinkedIn phishing messages dominate in social media email subjects.

The motto is clear: Think Before You Click.