Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat action variety in security incidents and the topmost threat action variety in data breaches. It therefore comes as no surprise that more than a fifth (22%) of data breaches analyzed by Verizon Enterprise’s researchers involved phishing in some way.

Digital fraudsters show no signs of slowing down their phishing activity in 2020, either. On the contrary, a report from Google found that phishing websites increased by 350% from 149,195 in January 2020 to 522,495 just two months later. Many of these websites likely used coronavirus 2019 (COVID-19) as a lure. Indeed, Barracuda Networks observed that phishing emails using the pandemic as a theme increased from 137 in January 2020 to 9,116 by the end of March—a growth rate of over 600%.

The rise of phishing attacks poses a significant threat to all organizations. It’s important that all companies know how to spot some of the most common phishing scams if they are to protect their corporate information. It’s also crucial that they are familiar with some of the most common types of techniques that malicious actors use to pull off these scams.

Towards that end, we at The State of Security will discuss six of the most common types of phishing attacks as well as provide useful tips on how organizations can defend themselves.

1. Deceptive Phishing

Deceptive Phishing

Deceptive phishing is by far the most common type of phishing scam. In this ploy, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

(Read more...)