Prevent Three Social Engineering Hacks Now

Since 2020, Google has identified and delisted 2 million websites for launching phishing attacks—an army of nefarious websites that Cisco says have hit 86 percent of all global companies. But it’s the social engineering behind those attacks that’s the scary part, experts say.

“Phishing has come a long way from mysterious foreign princes asking for loans,” said Nicholas McCourt, Chief Information Security Officer at Integris, a national managed IT service provider. “Now they’re using AI and advanced tools to do their research beforehand. They can launch attacks so customized and convincing, your employees won’t see it coming.”

Specifically, Integris warns companies to prepare for these three types of new attacks:

#1: Fake But Realistic Requests

Hackers can research your company well enough to play the role of a new potential customer or an existing vendor in your system. They’ll ask you to download their RFP or enter their new banking information into your system so that they can pay your latest invoice. With a few clicks, your employees could download a worm into your system or open your bank account to thieves.

How to fix it:

Teach employees to research the person or company before fulfilling the request.

#2: Social Media Extortion

Most people know better than to put their contact information and emails on social media accounts set to “public.” But many of your employees may have emails and phone numbers available to Facebook or LinkedIn friends. That information is all a hacker needs to set up an account in your employee’s name on damaging websites, like child porn sites. Hackers can use that “proof” to extort employees into giving up their corporate passwords.

How to fix it:

Teach employees to use only in-app messaging on social media sites and never to give out their personal or professional email addresses.

#3: AI-Assisted Spoofing

Are you happy with your CEO’s recent company video? So are hackers. They can sample your CEO’s voice using AI technology, then use that sample to call up your accounts receivable department. “Add this new vendor to the system, and transfer this money,” they may say, sounding precisely like your CEO. When employees realize it wasn’t your CEO making that call, the money will be gone without a trace.

How to fix it:

Ask for code words, account numbers, or other forms of two-factor verification. No exceptions.

For more information on how to prevent cybersecurity breaches, visit the Integris website at www.integrisit.com/blog.

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.
