New Phishing Trends in 2022

Ransomware is becoming an ever more popular form of attack. With incidences on the rise, people might wonder how attackers get at computers at all. There are various ways systems become compromised, but one of the most common is “phishing.” Phishing comes from old hacker slang, referring to “fishing” for victims. Hackers send out fake emails, programs, websites, and more to defraud victims. A simple form of phishing involves a fraudulent email asking for a user’s login details. Users who reply to the email with these credentials usually lose access to their accounts. While hackers have gotten more sophisticated in their efforts, some things never change. In this article, we will go over what the intelligence community sees as phishing grows.

The New Dridex Variant

At the end of December, a new variant of the Dridex malware circulated through fake emails. The phishing emails referred to recent events, in particular the COVID-19 pandemic. A new version of the scam emerged around the first days of the omicron variant. Victims received fraudulent emails with a subject line referencing COVID-19 test results. In the email, they read that they contacted a coworker diagnosed with omicron. The email would also claim that the coworker passed away. Attached would be a spreadsheet with macros that cause code to execute once run. After running this code, the malware enables complete access to the victim’s PC.

How Do Phishing Attacks Start?

Like in the example above, the most common form of phishing comes in the form of imitation. Emails that claim to come from your contacts or somebody you know are often fraudulent. No service will ever send you an email asking you to type in your password and send it via email. These actions are always performed through the service itself. Because hackers know this, they sometimes use links to malicious websites. Once a victim visits one of these websites, malicious code attacks the computer. Passwords and login tokens get stolen, and viruses may wind up on the computer.

When you receive an urgent email or an email with any attachment or link, follow these steps to stay safe:

  1. Wait: While emails can be important, most urgent conversations will occur in person or on the phone. So don’t click any links or download anything. This is especially true if you don’t recognize the sender, even if they claim to know you.
  2. Verify: If an email claims to be from your job, check it with your supervisor. Ask questions, and be sure you’re informed. If nobody sent an email like that, delete it.
  3. Research: A quick check on Google for similar emails will often tell you of a new threat. If other people are receiving the same kinds of emails, people will be talking about it. Lookup any attachments’ filenames and determine if the email is a threat.
  4. Report: Chances are that if you’re a target of a phishing attempt, other people around you will be as well. This is especially true in corporate settings. You protect your peers and company by reporting the email to supervisors and coworkers. You should also report the email through your email service.

The biggest phishing trend to be on the lookout for in 2022 is imitation. Hackers use current events and familiar-sounding services to fool you. However, by educating yourself, you can become savvy to the ways hackers will try to attack. A little vigilance goes a long way.