Phish me tender, phish me true

Issue 1 2022 Commercial (Industry)

Phishing remains the most successful threat action when it comes to data breaches, successful hacks and social engineering. The Verizon 2021 Data Breach Investigations Report found that phishing was linked to 36% of breaches and that 85% of breaches connected to social engineering saw cybercriminals walk off with critical login credentials.


Anna Collard.

The past two years have seen cybercriminals not just gain traction and speed as they have ramped up their attacks, but smart ways of manipulating users. It is clever subject lines, personalised messages and emotive approaches that are currently dominating phishing attacks, explains Anna Collard, SVP content strategy and evangelist at KnowBe4 Africa.

“Many phishing attempts succeed because they rely on people to react on their emotions,” she adds. “People react to an official-looking banking email telling them that they have been hacked; or to give out important information over the phone because they think they are talking to a professional organisation; and to click on links and images because they think they have been sent by a trusted source, such as someone from inside their company or someone they know.”

There are multiple threat vectors being used by cybercriminals to get users to slip up so they can slip right on in. In South Africa, the most common phishing and social engineering tactics are:

1. Mobile phishing: These attacks can be anything from using a virus that has been preloaded onto a mobile app, to recreating a corporate login page and using a SMS or WhatsApp message (smishing) to direct the user to that page. Once the person enters their credentials, they are snapped up by the cybercriminals. As the KnowBe4 Phishing by Industry Benchmarking Report found, 67% of respondents use their mobile devices for financial transactions and mobile banking, making this a scary place to make a security mistake. Smishing has become very popular in South Africa and is also being used to disseminate fake news and dis-information.

2. Intelligent subject lines. This may not sound dangerous at first glance, but actually, the subject lines used by hackers in phishing emails are increasingly personalised so that users are encouraged to click on the content. These subject lines are curated to fit the person’s life and everyday tasks so they do not think twice before they open the attachment, enter their credentials, letting the hackers in. A form of this type of highly personalised and targeted attack is known as spear phishing, it is laser focused on one victim or company because the information they hold is of the most value to the attackers.

3. Clever content. There may still be phishing emails out there that are badly spelled, poorly worded and just plain daft, but most are very well written nowadays. In fact, many come across as being written by a trusted colleague or friend and include information that makes it look like the email is every bit as urgent and legitimate as it claims. Always check the URLs, always be wary of attachments and think before you click.

Perhaps the biggest security risk is people. The employees who click on the email or hand out information over the phone. The remote workers who enter their login credentials to a fake website. The person who opens an attachment from their friend Dave. Each of these moments can be prevented or minimised if people understand the risks and are given the tools they need to recognise them.

“It is really important for people to realise that cybercriminals are learning,” concludes Collard. “They are learning and evolving so that their attacks can bypass expensive and complicated security systems and catch people unaware. Check every email, text, SMS, message and phone call and stay alert to make sure that you are not another victim in 2022.”


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

From the editor's desk: Showtime for Securex
Technews Publishing News & Events
We have once again reached the time of year when the security industry focuses on Securex. This issue includes a short preview, with more coming online and via our special Securex Preview news briefs. ...

Read more...
Digitising security solutions with AI and smart integration
Regal Security Distributors SA Technews Publishing Integrated Solutions
The Regal Projects Team’s decades of experience and commitment to integration have brought the digital security guard to life as a trusted force for safer, smarter living.

Read more...
From the editor's desk: We’ve only just begun
Technews Publishing News & Events
The surveillance market has expanded far beyond the analogue days of just recording and/or monitoring screens. The capabilities of surveillance technology today extend to black screen monitoring with ...

Read more...
The future of the surveillance channel
Duxbury Networking Technews Publishing Elvey Security Technologies SMART Security Solutions Surveillance
The video surveillance market has evolved from camera-based specifications to integrated solutions that solve customers’ problems. Moreover, the growth of AI and cloud has changed the channel even more, with more to come.

Read more...
AI means proactive surveillance
DeepAlert Technews Publishing SMART Security Solutions AI & Data Analytics Surveillance
SMART Security Solutionsasked DeepAlert for some insight into how AI is transforming video surveillance, even to the extent of it being taught to protect the privacy of those in the cameras’ view.

Read more...
The state of the VMS market
Arteco Global Africa Milestone Systems Cathexis Technologies Technews Publishing Surveillance
SMART Security Solutions asked three platform vendors in South Africa, one that is developed and maintained in the country with an international market, for their views on the state of the VMS market and where it is headed.

Read more...
Dahua Summit 2025
Dahua Technology South Africa Technews Publishing SMART Security Solutions Products & Solutions
Dahua Technology South Africa held its annual summit in Johannesburg in early April. The summit focused on highlighting the company’s range of new products and solutions and recognising its regional partners.

Read more...
Connected commercial drone market to reach US$37.3 billion
News & Events Commercial (Industry) IoT & Automation
The global market for connected commercial drones is forecast to grow from US$18.6 billion in 2024 at a compound annual growth rate (CAGR) of 15% to reach US$37.3 billion in 2029

Read more...
Amendments to the Private Security Industry Regulations
Technews Publishing Agriculture (Industry) News & Events Associations
SANSEA, SASA, National Security Forum, CEO, TAPSOSA, and LASA oppose recently published Amendments to the Private Security Industry Regulations regarding firearms.

Read more...
Local is a lekker challenge
Secutel Technologies Technews Publishing AI & Data Analytics
There are a number of companies focused on producing solutions locally, primarily in the software arena, but we still have hardware producers churning out products, many doing business locally and internationally.

Read more...