You’ve been taught how to spot a phish. You’ve probably seen enough of them in your inbox that you are pretty confident one won’t get past you. You are suspicious (which is a good thing). But cybercriminals are getting better at delivering credible communications.
With phishing and social engineering in general, these scammers are looking beyond using just emails:
- Phishing campaigns are now multi-channel attacks that have multiple stages. In addition to emails, cybercriminals are using texts and voicemail to direct victims to malicious websites and then using a follow-up phone call to continue the ruse.
- Scammers are actively targeting mobile devices. Credentials can be compromised because users can be fooled by social engineering tactics across different apps. Half of all personal devices were exposed to a phishing attack every quarter of 2022.
- AI has become a factor. AI is being used to make phishing content more credible and to widen the scope of attacks. Using victim research data, AI can create personal phishing messages and then refine those messages to add a veneer of legitimacy to get better results.
Bottom line? Stay suspicious. Use a second means of verifying information. For example, don’t reply to an email, or use contact information listed in the email or text. Go to an organization’s webpage to get contact information.
The Office of Cybersecurity can help you examine suspicious communications, even texts and voicemails. Forward all information to email@example.com. We’ll let you know if it is legitimate or a scam.
#BeCyberSafe and have a wonderful holiday season!