Phishing attacks continue to grow and together with ransomware they are the great threat in cybersecurity. In the last three years there has been a 119% increase Of these threats that include URLs to induce fraud, according to the proofpoint cybersecurity and regulatory compliance. However, Phishing attacks are no longer limited to email, but also accompany text messages and other digital channels to address the victims, thus increasing their chances of success.
The cybersecurity firm has observed how the attackers initiate a conversation by email and then They try to change communication with their potential victims for SMS. One of the examples collected by ProofPoint seemed a benign message from an external supplier, except for two clear alarm signals: the cybercrime wanted to move from email to another channel that was probably not supervised by a security team and also asked the user personal information.
As there was no URL or malicious load there was nothing to analyze. The organization’s email solution He was not able to identify the message as a Phishing emailso it was sent to the user’s entrance tray. If the conversation to digital messaging, collaboration and text channels is transferred, the attackers can convince many more users to perform several insecure actions, from clicking on a link, enter their credentials in a form or fraudulent login to reveal confidential data of one organization, among others.
In fact, ProofPoint has detected that phishing attacks based on SMS or Smishing 2,524% have increased in three years. It is more likely that people open links in text messages than in an email: the percentage of clicks on SMS ranges between 8.9%and 14.5%, while emails have an average click rate of 2%.
“Cybercriminals know that the multiple channels that users use to communicate and collaborate, such as messaging platforms, collaboration tools, cloud applications and file exchange services, are less safe and are not always supervised by security operations centers, which makes this type of attacks a serious problem for organizations”they explain. “Therefore, you have to be diligent in terms of security, providing a unique and integral solution to help defend themselves against these threats focused on the human being, both current and emerging”.
Regarding proactive measures, from ProofPoint they advise to adopt a threat detection based on AI, which is capable of Identify and block malicious loads and urlscanning the body of an email and understanding the intention of the sender; Expand protection against phishing beyond email, protecting messaging and collaboration applications; Strengthen user security training to change their behavior, making them more vigilant and proactive.
