When we think of phishing, email scams often spring to mind, but cyber attackers are evolving. Today, we’re seeing a whole new arsenal of clever phishing tactics designed to target unsuspecting users beyond the traditional email inbox. Understanding these methods could be the key to protecting your business from costly mistakes.
1. SEO Poisoning: Phishing Sites in Plain Sight
Phishers have mastered SEO, pushing malicious sites to the top of search results. For example, a simple search for “download Photoshop” might lead you to a lookalike page that’s anything but safe. Even Google business listings aren’t immune, with scammers hijacking legitimate contact information to divert calls and gather data.
Over 13 million malicious URLs were detected in search results during a single quarter in 2023, many of them designed for phishing purposes.
Source: Google Threat Analysis Group
2. Paid Ad Scams: When Ads Aren’t What They Seem
Paid ads are also fair game for attackers, a tactic known as "malvertising." By buying ad space on social media and search engines, they can lead users straight to harmful websites or embedded malware, turning a simple click into a data breach.
3. Social Media Phishing: Not All Followers Are Friends
Attackers impersonate real users or popular figures to gain trust on social media platforms. Whether through direct messages, comments, or even interactive quizzes, they create scenarios to lure users into handing over personal information or visiting phishing sites. The use of deepfakes and AI makes these scams harder to spot.
4. QR Code Phishing (Quishing): Scan at Your Own Risk
With the rise in QR codes, “quishing” has become a trend. From restaurant menus to parking meters, attackers can place fraudulent QR codes that, when scanned, lead to malicious sites or even prompt fake payments. This tactic has surged by over 500% recently, emphasising the need for caution.
A recent study revealed a 587% rise in quishing attacks over the past year, reflecting their growing popularity among scammers.
Source: Abnormal Security
5. Malicious Mobile Apps: More Than Just Downloads
Apps are everywhere, but not all are safe. Some apps on reputable stores are designed to look legitimate but hide malicious code capable of stealing financial data or conducting unauthorised surveillance. Recently, over 90 such apps were found on Google Play, downloaded millions of times before detection.
In 2023, over 200,000 malicious apps were removed from app stores globally, a sharp increase from previous years.
Source: AppDefense Alliance
6. Callback Phishing: Fake Customer Service Scams
Some phishing attacks start with a simple request to “call back” for support. Through emails, texts, or even Google Forms, scammers post fake customer service numbers that appear credible. When users call, attackers attempt to extract sensitive information under the guise of helping.
7. Cloud-based Phishing: Trusted Platforms Exploited
As businesses rely on cloud platforms like Microsoft Teams or SharePoint, attackers have begun using these trusted platforms for phishing. By hosting phishing content on Google Drive or Microsoft Sway, for example, they can bypass many security measures, making fraudulent links seem legitimate.
8. Content Injection Attacks: Malicious Messages on Genuine Sites
In some cases, attackers can modify a website’s content directly, inserting malicious links or phone numbers into genuine sites. Imagine clicking on a “Contact Us” link and ending up on a scammer’s website instead. This tactic, though less common, is a growing threat as attackers discover new vulnerabilities.
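One way a site owner can watch for this kind of injection is to audit published pages against an allowlist of approved link hosts and phone numbers. The sketch below is an added example, not code from the original article; the site (example.com), the allowlists, the sample page and all function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlists for a hypothetical site (example.com); values are constructed.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOWED_PHONES = {"+441632960000"}
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # loose match for phone-like text

def normalise_phone(raw):
    """Reduce a number to optional '+' plus digits so formatting is ignored."""
    raw = raw.strip()
    return ("+" if raw.startswith("+") else "") + re.sub(r"\D", "", raw)

class ContactAuditor(HTMLParser):
    """Collects link hosts and phone numbers that are not on the allowlists."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def check_phone(self, raw):
        phone = normalise_phone(raw)
        if phone not in ALLOWED_PHONES:
            self.findings.append(("phone", phone))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("href", "src", "action") or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme == "tel":
                self.check_phone(parts.path)
            elif parts.hostname and parts.hostname.lower() not in ALLOWED_HOSTS:
                self.findings.append(("link", parts.hostname.lower()))

    def handle_data(self, data):  # numbers written in visible text
        for match in PHONE_RE.finditer(data):
            self.check_phone(match.group())

def audit_page(html):
    auditor = ContactAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: a genuine page with one injected link and one injected number.
SAMPLE_PAGE = """
<a href="/contact">Contact Us</a> <a href="https://www.example.com/about">About</a>
<a href="https://support-example.invalid/contact">Contact Us</a>
<a href="tel:+441632960000">Call us</a>
<p>Support line: +44 1632 960 999</p>
"""

if __name__ == "__main__":
    for kind, value in audit_page(SAMPLE_PAGE):
        print(f"unexpected {kind}: {value}")
```

Run on a schedule against the live pages, any finding means a link or number has appeared that nobody approved and should be reviewed.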
Defend Your Business Against Phishing in All Forms
Phishing has moved beyond email, and every organisation needs to be prepared. From ongoing training to robust security protocols, vigilance is key.
Don't leave your business exposed - contact Somerbys IT to explore how our security solutions can help safeguard your team against evolving phishing threats. Let’s keep your data, finances, and reputation safe 🔒