The world of cybersecurity is ever-changing, and bad actors are increasingly coming up with sophisticated social engineering phishing attempts that most people lack the training to identify. As we have touched upon in our previous blog posts, with the increasing rise in remote learning/work, bad actors are launching increasingly sophisticated social engineering and phishing campaigns utilizing software that we use every day. Two recent phishing scams have been found, which use phony PDFs and fake Support Google Docs to scam people out of their personnel information and direct them to malicious sites.
Hand in hand with the rise of remote work, the sharing of PDF documents has never been more enticing for bad actors. PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage directly with users, making their schemes more believable instead of a text-based email with just a plain link. Thanks to research from Palo Alto Networks' Unit 42, we have seen that attacks using PDF files have spiked over the past year. "From 2019-20, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056." According to Unit 42, the most popular form of PDF phishing lure used an image of a fake CAPTCHA to trick users into clicking a "Continue" button, which led to a malicious site.
As with the rise in remote work, cryptocurrencies are currently having their shining moment in the sun, and crypto wallet companies are starting to see an increase in the number of phishing attempts made on their users. Crypto wallet provider MetaMask has alerted its users of a new phishing bot that attempts to steal their seed phrases. The bot tries to direct users to a supposed "instant support" portal where they are advised to enter their recovery phrase into a Google Docs form which is then used to respawn user's crypto wallets.
We are continuing our shift to an online-first world both our personal and work data are at risk. Bad actors are continually refining and implementing new kinds of phishing and social engineering scams, making it more difficult for people to be aware of the threats. Implementing a solid security awareness program with PhishingBox can protect your company and give your employees the knowledge to diagnose potential hazards in their personal lives. If you would like to see how to protect your employee's data from bad actors, you can schedule a demo today!
Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.