Cybercriminals get more and more creative over the years, especially when it comes to phishing. The most recent PhishMe report disclosed that employees are successfully being targeted as customers.
According to PhishMe, behind most of the successful phishing attacks stand emotional factors such as fear, urgency, and curiosity.
For instance, fraudulent Delivery Issue or Speed ticket lead to fear, Urgent or Canceled transactions for urgency. However, the most recent report revealed that entertainment, social media and reward/recognition gambits replace fear, urgency, and curiosity.
The list of emotional factors that consumers fall for, according to PhishMe:
- Entertainment – 19.5%
- Social – 16.0%
- Reward/Recognition – 13.8%
- Curiosity – 11.9%
- Job Function – 11.8%
- Urgency – 10.7%
- Fear – 10.4%
- Opportunity – 7.8%
According to the report, the successful anti-phishing programs are capable of detecting work-related scams. However, most programs do not spot consumer scams.
Employees will always take a break to do personal business online, so you can expect work and home email to continue blurring. Personal devices in the workplace often have multiple email accounts—the source of an email may not be distinguished as it should. However, to sustain morale, communication, and collaboration, among other reasons, companies are unlikely to restrict BYOD or access to social media, news and entertainment sites.
In addition, the main reason why the range of phishing scenarios increases is how consumers perceive the information and interact. “Many news and social feeds are now subscription-based; they’re common in email and mobile device alerts,” the firm said. “This explains the rise in phishing attacks via social media links and fake news sites. Because they’re accustomed to them, people think it’s safe to click.”
The PhishMe report also revealed which simulations match the top emotional motivators. Simulated e-card phishes can be notices in top three areas: social, entertainment and reward/recognition.
In addition, in top phishing scenarios per emotional motivator also included financial and compliance. Thus, fear is still a very strong motivator.
Not only emotional motivators make users fall for phishing. Certain types of content also trick many consumers. These include social, safety, retail, office communication, personal matters, employee wellness, finances & contracts, employee benefits, security, software update, news and events, politics.
It is worth mentioning that despite the increase of themes and motivators for phishing attempts, business email compromise/CEA fraud email approach that does not include any link or attachment is still the most effective simulated phishes in the company’s testing.
In addition, phishing type of attacks does not go away.
When a phishing type disappears for a while, be afraid. Be very afraid. It will likely come back and you need to be ready.