Some things never change. As long as there are human beings doing business on the internet who can be manipulated by social engineering, there will be phishing. Cybercriminals are constantly innovating their phishing techniques, coming up with new enticements to lure employees into giving them credentials or interacting with a ransomware-laden attachment. This evolution means that businesses need to be on guard against unexpected phishing threats, like these three scams that may be coming soon to an inbox near you (unless you’re protected by Graphus).
Fake Shared Documents
A spate of phishing scams noted by researchers makes use of the victim’s familiarity with shared documents. It capitalizes on the fact that employees routinely receive notifications that they’ve been given access to a shared document, especially when they are working remotely. Spoofing system notifications is a well-known trick, but this twist makes these unexpected messages more tempting for employees, and bad actors aren’t hesitating to use that opening to glide into employee inboxes under the radar and pounce. The documents don’t even have to be of a type that actually exists. In one variation of the shared document scam, cybercriminals are sending out notifications saying that the target has been given access to a shared document on LinkedIn. Employees are fooled with a link that dumps them on a believable page instructing them to log in. There’s just one problem: there are no shared documents on LinkedIn. When they fill in their credentials, they’re falling for a phishing attack.
Video Game Shenanigans
People of every age group are playing video games these days, and an especially strong uptick in interest was spawned by pandemic lockdowns. Cybercriminals are more than happy to capitalize on that interest by using it to launch phishing scams. These scams can include snatching passwords, identity theft and malware. One clever ruse is for cybercriminals to disguise malware like ransomware in a patch or game update. Sometimes bad actors also use add-ons like in-game gear and weapons to facilitate phishing. In a clever variety of video game phishing, cybercriminals are using falsified or cloned emails from major video game marketplace Steam to lure in unsuspecting victims and steal their credentials, to devastating effect.
Imposter Domain Phishing
Highly dangerous and extremely believable, imposter domain phishing can fool even security-savvy employees. By changing domain names just a tiny bit and creating well-crafted fake landing pages, cybercriminals are combining brand impersonation and spoofing into a deadly combination that lures in employees. In some cases, bad actors are even doing an end run around security and avoiding common markers taught in security awareness training by using realistic-looking hyperlinks and anchor tags that look so legitimate that employees will fall for the trick. When they do, they’ll be taken to a landing page. Sometimes bad actors are able to slip into legitimate sites through security flaws in a blog or an explainer page that is hosted on the site of the company that they’re spoofing. But a few lines of code tell the tale: it’s phishing.
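The anchor-tag trick described above can be checked mechanically: compare the domain a link displays with the domain it actually points to, and compare that target with the brands you want to protect. The following Python is an added example, not Graphus code or part of the original article; the protected-domain list, the sample markup and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

PROTECTED = {"linkedin.com", "steampowered.com"}  # assumption: brands to protect
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
# Constructed sample markup, not taken from a real campaign.
SAMPLE = '<a href="https://www.linkedln.com/login">https://www.linkedin.com/docs</a>'

class AnchorCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(url):
    """Naive registrable domain: last two host labels (no public-suffix list)."""
    h = urlparse(url if "//" in url else "//" + url).hostname or ""
    return ".".join(h.lower().split(".")[-2:])

def lookalike_of(dom):
    """Return the protected domain that dom imitates, or None."""
    if dom in PROTECTED:
        return None
    # Undo common character swaps (rn for m, 0 for o, 1 for l) before comparing.
    folded = dom.replace("rn", "m").translate(str.maketrans("01", "ol"))
    for brand in PROTECTED:
        if folded == brand or SequenceMatcher(None, dom, brand).ratio() >= 0.9:
            return brand
    return None

def audit_links(html):
    """Yield (href, reason, detail) for deceptive anchors in an HTML body."""
    parser = AnchorCollector()
    parser.feed(html)
    for href, text in parser.anchors:
        target = domain(href)
        if URLISH.fullmatch(text) and domain(text) != target:
            yield (href, "text-mismatch", domain(text))
        if (brand := lookalike_of(target)):
            yield (href, "lookalike", brand)
```

Running `list(audit_links(SAMPLE))` reports both a text mismatch and a lookalike for the single constructed link. A production check would use a public-suffix list and Unicode confusable handling rather than the two-label shortcut used here.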
Humans Get Tricked. Graphus Doesn’t.
No matter how carefully companies train employees to suss out trouble, human nature guarantees that some of them will make mistakes. Employees who are tired, distracted or stressed are over 40% more likely to make blunders that have cybersecurity implications for their companies. So wouldn’t it make sense to reduce the chance of a human being falling for a phishing attack by removing the human being from the equation?
Add an automated antiphishing guardian that doesn’t fall for social engineering with the three powerful protective shields of Graphus. The first layer, TrustGraph, uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention. EmployeeShield follows up that analysis by warning employees of messages that indicate a need for caution. Phish911 provides a final essential layer of protection by making it easy for staffers to report suspicious messages and preventing those messages from fooling anyone else in the office until they can be reviewed.
Don’t wait until these new threats come knocking on your door. Put the three strong shields of Graphus on the job now to protect your business from 40% more phishing messages than the competition. Contact our sales team today for a personalized demonstration of the power of Graphus.