Phish me tender, phish me true

Issue 1 2022 Commercial (Industry)

Phishing remains the most successful threat action when it comes to data breaches, successful hacks and social engineering. The Verizon 2021 Data Breach Investigations Report found that phishing was linked to 36% of breaches and that 85% of breaches connected to social engineering saw cybercriminals walk off with critical login credentials.


The past two years have seen cybercriminals not just gain traction and speed as they have ramped up their attacks, but also find smart ways of manipulating users. Clever subject lines, personalised messages and emotive approaches currently dominate phishing attacks, explains Anna Collard, SVP content strategy and evangelist at KnowBe4 Africa.

“Many phishing attempts succeed because they rely on people to react on their emotions,” she adds. “People react to an official-looking banking email telling them that they have been hacked; they give out important information over the phone because they think they are talking to a professional organisation; and they click on links and images because they think they have been sent by a trusted source, such as someone from inside their company or someone they know.”

There are multiple threat vectors being used by cybercriminals to get users to slip up so they can slip right on in. In South Africa, the most common phishing and social engineering tactics are:

1. Mobile phishing. These attacks can be anything from using a virus that has been preloaded onto a mobile app, to recreating a corporate login page and using an SMS or WhatsApp message (smishing) to direct the user to that page. Once the person enters their credentials, they are snapped up by the cybercriminals. As the KnowBe4 Phishing by Industry Benchmarking Report found, 67% of respondents use their mobile devices for financial transactions and mobile banking, making this a scary place to make a security mistake. Smishing has become very popular in South Africa and is also being used to disseminate fake news and disinformation.

2. Intelligent subject lines. This may not sound dangerous at first glance, but the subject lines used by hackers in phishing emails are increasingly personalised so that users are encouraged to click on the content. These subject lines are curated to fit the person’s life and everyday tasks so they do not think twice before they open the attachment or enter their credentials, letting the hackers in. One form of this highly personalised and targeted attack is known as spear phishing. It is laser focused on one victim or company because the information they hold is of the most value to the attackers.

3. Clever content. There may still be phishing emails out there that are badly spelled, poorly worded and just plain daft, but most are very well written nowadays. In fact, many come across as being written by a trusted colleague or friend and include information that makes it look like the email is every bit as urgent and legitimate as it claims. Always check the URLs, always be wary of attachments and think before you click.

Perhaps the biggest security risk is people. The employees who click on the email or hand out information over the phone. The remote workers who enter their login credentials to a fake website. The person who opens an attachment from their friend Dave. Each of these moments can be prevented or minimised if people understand the risks and are given the tools they need to recognise them.

“It is really important for people to realise that cybercriminals are learning,” concludes Collard. “They are learning and evolving so that their attacks can bypass expensive and complicated security systems and catch people unaware. Check every email, text, SMS, message and phone call and stay alert to make sure that you are not another victim in 2022.”

