GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert

By Zac Amos

Phishing attacks are nothing new, but scammers are getting savvier with their tactics.

The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims, deploying “social proof” to scam people into engaging in a thread. One example comes from Proofpoint, where a researcher began corresponding with an attacker posing as another researcher.

Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. According to a new study, phishing attacks rose 61 percent in 2022, with cryptocurrency fraud increasing 257 percent year-over-year.

Companies and consumers must be more cautious than ever when using their devices. Here are four new phishing trends keeping businesses on their toes.

Spear phishing

Spear phishing attacks have taken the dangers of traditional phishing to another level, mainly because they're highly targeted and precise.

Nowadays, small businesses are more susceptible to spear phishing since they lack the IT security infrastructure found in larger organizations. As more people work remotely, companies must be vigilant when sending and filling out online forms, such as login pages, a newly preferred mode of enticing potential victims.

These cases involve employees entering a harmless site, then getting redirected to a dangerous one. From there, they enter their credentials and unknowingly give them to hackers.

Compromised email

Ransomware is one of the fastest-growing cyberattack threats companies face. However, hackers are getting smarter as they develop new money-making methods to exploit businesses.


Compromised email accounts are now the norm, as attackers have found a way to infiltrate these systems to send phishing emails to employees, vendors and consumers. Because the address appears to belong to an internal team member, people trust the message, ultimately exposing themselves to cybercrime.

Business email compromise also increased during the COVID-19 pandemic, and it's a common entry point for cybercriminals. As such, staff must avoid sending personal and sensitive information via email, where hackers can steal it.

Wire fraud

Imagine someone is about to buy a house and receives email instructions for wiring the closing costs — with just one click, they’ll be a new homeowner. Now imagine how they’d feel finding out they were the victim of wire fraud, as the $20,000 payment suddenly disappears.

Business impersonation is increasing exponentially with hackers gaining access to company email accounts. After monitoring conversations for some time, they look for the start of the transaction and insert themselves into the chain. The hackers then send a legitimate-looking, well-crafted, error-free email with a link that wires the money to a separate bank account.

The real estate industry is currently battling an influx of these cyberattacks. A recent survey showed that one-third of all real estate transactions had a wire fraud attempt in 2020. Additionally, 76% of real estate agents reported increased fraud attempts from the previous year.

Phishing via texting

If it seems more spam texts are coming in, that’s because they are — the FCC reported a 146% uptick throughout the pandemic.

Text message phishing — also known as “smishing” — is when scammers send texts to entice people to transmit personal information, such as passwords or credit card numbers. Because people tend to open messages within 15 minutes of receiving them, scammers have found it a lucrative way to trick people.

Smishing might impersonate the government, banks or other agencies to seem more legitimate. Although most people can tell when they’ve received spam texts, 6% report losing money through text fraud.

Steps to effective security

Developing a secure network strategy is essential to avoid cyberattacks, as these new phishing tactics could negatively impact a business. To prevent malicious scams, companies should do the following:

• Install high-quality antivirus software and spam filters.

• Implement a policy to update passwords every 90 days.

• Require strong passwords or two-step and multi-factor authentication.

• Encrypt all sensitive information and documentation.

• Secure web browsers and only use those providing adequate security.

• Train workers on how to identify phishing attempts.

Human error often drives phishing success, so deploying the right security tools and ensuring employees understand their place in avoiding cybercrime is the best way to protect company data.

Companies must implement several security measures to prevent the repercussions of cyberattacks. Otherwise, they risk dire consequences.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.
