In the modern world, there are many different types of cyber-attacks that your business will come up against. However, one of the most pervasive attacks is social engineering — the most constantly evolving threat a business can face.
One of the most common social engineering attacks, phishing, continues to strengthen with new technologies that make it easier for scammers than ever before. With the world becoming more interconnected than ever, it’s so important to ensure that you’re knowledgeable and de-risk your business from the attacks you could face.
The Rise of New Phishing Delivery Methods
Scammers have found more ways to take advantage of modern technology to take phishing attacks to the next level using newer delivery methods. Where before phishing would primarily take place over email or mobile, new technologies make it easier than ever for attackers to access new victims.
Microsoft Teams has become a major player in communications in the post-pandemic world, with lots of businesses relying on it as their all-in-one communications solution for greatly enhanced productivity and connectivity. Recently, Microsoft has detailed a Microsoft Teams phishing campaign used by attacker ‘Storm-0324’ that hijacks Microsoft Teams to carry out phishing attacks.
This attack is very worrying for lots of organisations, as it’s attacking on an axis that lots of employees would’ve never thought possible. After all, Microsoft Teams seems like it could never be breached due to it being an internal communications platform — meaning that employees trust Teams more.
Similarly, another new and commonly used technology to commit phishing attacks is QR codes. Due to the fact that QR codes link to another website, attackers can use QR codes to obscure malicious website links and use them to direct a user to somewhere malicious or even harmful.
QR code scams have been plaguing the restaurant industry since the common implementation of menus using QR codes over the pandemic, but attackers are now using QR codes in PDFs and Word documents to try to trick business personnel into thinking that a QR code is safe to scan. These attacks are known as ‘quishing’ attacks and are dangerous due to the ease of using QR codes to mask the malicious nature of the link or desired attack destination. After all, it’s much harder to spot a malicious
Another common phishing attack is called ‘smishing’, and is the use of SMS (texting) to send fraudulent texts to unsuspecting victims. This is not a new technology but has become more common over time as email phishing scams have become easier to spot and avoid due to being incredibly common. ‘Smishing attacks’ have increased by roughly 30% in 2024, driven by automated ‘phishing-as-a-service’ platforms that make it easier to send malicious text messages at scale.
Increasing Sophistication and Personalisation
Another important thing to know about modern phishing scams is that they’re becoming far more sophisticated and increasingly targeted, meaning that they’re also becoming harder to spot.
The rise of artificial intelligence is a massive player in this. Having access to a machine that can access all of the available information online means that attacks are not only becoming replicable using automation and machine learning but are also becoming more dangerously realistic due to the sheer amount of power behind AI.
AI language models like ChatGPT have made it easier for attackers to create highly realistic scams — and Microsoft claims that attacks will only become more realistic from here on out.
On top of this, spear phishing is becoming a common concern for organisations worldwide. Spear phishing is a phishing attack that specifically targets individuals using highly personalised attacks, which is far more dangerous than the run-of-the-mill mass phishing attacks that most people experience.
How to Protect Your Business
There are a few different ways to protect your business from phishing attacks.
Unlike malware, these attacks are a bit trickier to fortify yourselves against as you can’t just install an antivirus and endpoint detection software to counteract them. In this instance, your employees can unknowingly become the entry point to your business. Training your employees on the various threats and how to look out for them is key.
If you’re looking to start your cybersecurity journey but don’t know where to begin, get in touch with our experts today. Tela Priority One can not only conduct a Cyber Essentials readiness report on your business and provided recommendations, we also work in partnerships with training platforms that can help your business by providing essential training to staff.
Get in touch with us now and see how we can help.
