Cybercriminals keep changing their tactics – that’s how they turn targets into victims. Are you aware of one of the latest variants of phishing, in which malware is attached to an email and disguised as a voicemail?
A new variation of phishing has been discovered – cybercriminals are now embedding malware in emails and disguising it as a voicemail recording. In this article, we’ll answer the following questions to help you protect yourself against this and other forms of phishing:
Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers. Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment. With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information. The reality is that cybercriminals can keep doing the same old thing because users keep falling for the exact same tactics without ever seeming to learn the cybersecurity measures needed to protect against them.
That’s why – the businesses keep making it easy for cybercriminals to get away with.
This is one of the latest variants of phishing being tracked by cybersecurity professionals. Instead of attaching malware to an email and disguising it as, say a PDF, cybercriminals specifically disguise it as an audio file, and make it so the email appears to be from an automated voicemail service. These legitimate services are more and more common in the business world today. When a user receives a voicemail, they also get an accompanying email with a recording of the message for them to review without having to access their voicemail inbox. Regardless of how vishing works, it’s based on the same principle as all other types of phishing – it assumes the user will believe that the email is legitimate, and will download the attachment.
The average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents (e.g. the rate of phishing attacks increased by 65% in recent years) is that you get desensitized to the whole thing. Cybercrime attacks continue to happen on a regular basis; new variations on the same old trick that pop up over and over again point to a bigger problem than the actual scams – businesses aren’t learning to protect themselves. That’s why the number of reported phishing attacks has gone up by 65% in the past few years.
Share these key tips with your employees to ensure they know how to spot a phishing attempt:
In the end, the key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place. Waiting for another major cyberattack to start making the rounds is not the time to start investing in your staff’s cybersecurity awareness or to start looking at providing cybersecurity training- at that point, it’ll be too late. Making cybersecurity education a routine for your entire team – management included – is the most effective way to ensure your team can spot and stop a phishing attempt.
Like this article? Check out the following blogs to learn more: