After a year riddled with ransomware attacks such as Jaff, Locky, WannaCry and PetrWrap in 2017, 2018 is giving way to phishing attacks.
If 2017 was the year of ransomware, then 2018 will be the year of phishing.
Whereas in 2017 cyber attacks exploited software vulnerabilities, today they exploit gaps in your employees’ cyber vigilance. It’s becoming more and more difficult for employees (whether or not they’ve been warned about cyber attacks) to detect a phishing attack when they see one in their inbox.
The media’s attention to ransomware has raised awareness of it and reduced its impact on companies.
Hackers, for their part, are well aware that the nearly daily coverage of ransomware in the media has led to new vigilance in companies. Companies have begun to implement protection measures, both by equipping themselves with appropriate solutions (email protection or data backup systems, for example) and by alerting their employees to threats. They have understood that email security requires a predictive email filtering solution and, hand in hand with it, employee awareness and the use of best practices.
So today, employees think twice before clicking on an attachment (“Think before you click!”) and companies are making the choice to restore a backup earlier instead of paying a ransom.
These new behaviors make life more difficult for hackers, so they’re looking for other, harder-to-detect ways to commit their crimes, hence the upsurge in phishing attacks.
New phishing attacks are breaking through our vigilance barriers.
As we have seen since the beginning of 2018, phishing attacks are clearly on the rise. In February alone, we blocked three times more phishing attacks than we did during the biggest waves of attacks identified in all of 2017.
These new attacks succeed by posing as the brands and services we use every day (such as Netflix, Amazon, Alibaba, Whole Foods, Verizon and many more), and by exploiting our obligations as citizens (creating fake tax forms to fill out) and our activity at work (unpaid invoice, domain name renewal, etc.). Unfortunately, they spare no one and affect every type of industry and every size of company.
Less well known than ransomware attacks, they are becoming increasingly sophisticated, more and more realistic and harder to identify. They slip past employees’ vigilance and circumvent the traditional protections put in place on the email system.
If you have any doubt about it, knock yourself out by putting your ability to detect a phishing email to the test. We’ve developed a game, the Phishing IQ Test, using a series of phishing emails taken from the isitphishing.ai detection engine, which asks the question, “Is this email a phishing email?” Access the test and rate your knowledge level about this kind of attack.