June 21, 2022
Good morning, everyone!
Patch All the Things!
Phishing is not just email
In the news last week, "Massive Facebook Messenger phishing operation generates millions":
Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements.
The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions.
This seems like a good time to remind people that “phishing” is more than just emails! Literally anything with a link to a website can be used as platform for a phishing attack. Spammy SMS text messages (“smishing”) are on the rise as well. Here are some interesting stats:
- In March 2022, spam texts rose 28% from February 2022 and increased by 1,024% from April 2021
- In 2021, spam texts rose by 58%.
- In 2020, the average number of spam texts received by an individual was 14.7. The average rose 15% in 2021 to 16.9.
- Scam text messages outpaced scam calls in 2021. While there were 72.2 billion scam calls in 2021, there were 87.8 billion scam texts.
- In March 2022, text spam growth outpaced robocall growth. While robocalls rose 20%, text spam rose 30%.
- 38% of individuals received a suspicious text message in 2021.
- A 328% increase in smishing attempts was tracked in the third quarter of 2020 as the move to work from home pushed more people onto their phones.
- The Federal Communications Commission saw a nearly 146% increase in the number of complaints about unwanted text messages in 2020.
Communications platforms like Telegram, Signal and WhatsApp have been used for phishing attacks for several years. Now, thanks to COVID and telework, the use of online collaboration tools like Slack and Discord has increased dramatically, and the bad guys started taking advantage by posting documents with malware embedded and posting links to infected websites.
Remember, Think Before You Click! Do I need this? Do I trust this? Should I risk this? Is there another way to get this information?
Be safe this week! (and always 😉)
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺