Cybercrime is constantly evolving, and phishing attacks have become more sophisticated. This article explores the new tactics cyber attackers use to compromise the identity of legitimate businesses and services and raise awareness about the importance of cybersecurity.
The rise of BEC attacks and phishing 3.0:
Business Email Compromise (BEC) attacks are a highly damaging variant of spear phishing. They are designed to trick employees into rash actions that result in financial losses for the employees and their companies. According to the FBI, these attacks have proven to be one of the most damaging phishing models, with losses estimated at $2.7 billion in 2022.
However, cyber attackers have evolved and are now more sophisticated. Instead of sending fake messages, they compromise legitimate accounts of companies or their partners and infiltrate genuine email threads, impersonating the organization. This new tactic has given rise to what is known as phishing scams 3.0.
The rise of corporate phishing:
Experts at Avanan, a Check Point Software company, have observed a worrying increase in this cyberattack. They detected 33,817 phishing attacks from legitimate companies and services, including PayPal and Google, in February and March 2023.
In these phishing 3.0 scams, cyber attackers create free Google accounts that impersonate a legitimate entity. Through a shared document, they mention the email addresses of their targets. As a result, recipients receive email notifications with official Google senders. By clicking on the links in the email, they are redirected to fake cryptocurrency-related websites. These sites are typically phishing portals designed to steal credentials and sensitive data and carry out malicious activities such as direct theft or cryptocurrency mining.
The importance of cybersecurity education:
The lack of awareness and education in cybersecurity continues to be one of the principal vulnerabilities in the sector. These phishing attacks continue to be highly effective due to this loophole. That is why, at Dapango Technologies, we are committed to actively contributing to creating a secure digital environment so that companies worldwide can continue working uninterrupted. We offer various strategies to mitigate any attack, minimizing its impact effectively, losses, and damage to your reputation.