Current events being used for phishing
Phishing is a cyberattack technique used by cybercriminals. It involves sending an email containing one or more attachments and/or fraudulent links, which often conceal malware (such as Trojan horses, viruses, worms, or ransomware). To do this, the fraudster is not short on imagination. For example, they may pose as a trusted third party (colleague, manager, bank, insurance company, government agency) to extract confidential data (passwords, contact information, etc.) and/or use current events to lure the user… and in this case, there is no shortage of topics!
Did you know that the first phishing attacks took place in the 1990s?
And yes… 30 years of phishing!
We should therefore now be sufficiently informed and vigilant in the face of this scourge. Indeed, regardless of the time period, the subject, or the method, the process remains the same!
And yet, despite all this, phishing is still a hit!
It even remains at the top of the list of attack vectors favored by fraudsters!
Why does phishing continue to grow?
In addition to using increasingly sophisticated techniques, there is no shortage of sources of inspiration. On the contrary, they are endless! One such source—the news, whatever it may be (good or bad)—is, in fact, fertile ground and a golden opportunity for cybercriminals. It allows them to leverage age-old tactics such as:
- Our anxiety: as we’ve seen recently with COVID-19. (For example, sending emails to buy “certified” masks and hand sanitizer, or to participate in a testing campaign.)
- Our fears, our stress: for example, fraudulent emails claiming you’ve received a traffic ticket for speeding or regarding online tax filing. Or, to give another example, emails offering to disinfect your home (and supposedly recommended by the government, no less!).
- What catches our attention: following the SNCF strike at the end of 2019, emails containing malicious links began circulating. These links led to a malicious website that asked for your personal and/or banking information in order to process a refund for train tickets.
- Our enthusiasm: a tax refund or a reimbursement from Medicare, a tempting offer for a so-called “miracle drug” during the COVID-19 pandemic, fake gift cards sent by email for Mother’s Day, the latest offer from an ISP for a “revolutionary” plan that’s trending on social media, or even an email containing a link that directs you to a fake website selling Christmas gifts. And what about emails sent during sales periods, Black Friday, etc.?
- Our appeal: sending emails asking people to provide their contact information or sign a petition regarding a particular current issue, such as donations for research, environmental causes, or support for a cause “in the spotlight.”
So… How can we eliminate phishing once and for all?
Im-pos-sible!
On the other hand, reducing the risks and limiting the consequences of a phishing cyberattack is entirely feasible. How? By equipping your organization not only with technical security solutions—as you likely already have—but also with organizational measures.
Turn the human element—the weakest link in cybersecurity—into a major asset for your organization.
Raising awareness of cyber risks, providing cybersecurity training, and teaching users how to avoid the pitfalls of phishing emails: these are the essential and indispensable elements of a "cyber-ready" and cyber-resilient organization!
Do you hold a position related to risk management in your organization? Launch a cybersecurity awareness campaign.















