The New Age of Phishing: AI Deepfakes and Seasonal Scams

By Samantha Cordell | September 16, 2024

As we progress through 2024, phishing attacks are not just persisting, they're evolving with alarming sophistication and precision. Powered by advancements in artificial intelligence (AI) and deepfake technologies, today’s phishing schemes are increasingly difficult to detect and dodge.

Understanding Key Aspects of Modern Phishing Techniques

1. The Rise of AI in Phishing

The introduction of AI in phishing has been a game-changer for cybercriminals. They are now employing advanced machine learning algorithms to craft emails that mimic the tone, style, and intricacies of communications from trusted sources. This year has seen a surge in such AI-enhanced phishing attempts, making traditional detection methods less effective.

These scams often target individuals with personalised messages crafted through AI analysis of social media and public records, making them difficult to distinguish from legitimate communications.

2. Deepfake Dangers

Further compounding the threat are deepfake technologies, which enable scammers to create convincing audio and video clips of recognisable voices and faces. The realism afforded by deepfakes significantly enhances the effectiveness of phishing scams, leading to increased financial losses and reputational damage for victims.

Recently, a large multinational company was scammed out of $40 million due to a deepfake video call scam. Scammers created AI-generated images and voices of the company’s CFO and other colleagues to convince an employee to transfer significant sums to fraudulent accounts. 

3. Seasonal Spikes in Phishing Activity

Interestingly, phishing attacks exhibit a seasonal pattern, with a noticeable increase during the peak retail period (November to December), which typically includes events such as Black Friday, Cyber Monday, and the lead-up to Christmas and Boxing Day.

Scamwatch has highlighted that we should be especially wary of parcel delivery scams, which see a notable increase. These scams often involve emails or texts pretending to be from legitimate services like Australia Post, claiming issues with parcel delivery to extract personal information or payment for redelivery.

4. The Costly Threat of Business Email Compromise (BEC)

Business Email Compromise (BEC) scams have been significantly impactful, underscoring the need for enhanced vigilance and cyber security protocols. These scams typically involve cyber criminals impersonating company executives or partners to trick employees into making unauthorised financial transactions.

Last year, Australians reported losing $16.2 million to payment redirection scams. Despite the total number of reports to Scamwatch decreasing by 28 per cent, the total amount lost increased by 3 per cent, indicating that Australians lost significantly more money per scam last year compared to 2022.

“Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses,” ACCC Deputy Chair Catriona Lowe said.

In one notable incident, cyber criminals impersonated staff members and altered invoice details, leading to an Australian business inadvertently transferring nearly $2.7 million to a fraudulent account. Fortunately, a substantial portion of these funds was recovered due to quick action in cooperation with international law enforcement.

Defensive Strategies Against Sophisticated Phishing Attacks

To combat these evolving threats, it's crucial to implement multi-layered security measures:

  • Enhanced Verification: Always verify the authenticity of requests for sensitive information or financial transactions, especially if they originate from senior executives or external partners.
  • Multi-Factor Authentication (MFA): Use MFA wherever possible to add an extra layer of security.
  • Regular Training and Awareness: Conduct regular training sessions to educate employees about the latest phishing tactics and preventive strategies.
  • Advanced Security Solutions: Employ security solutions that can detect and respond to AI-generated texts and deepfake content.
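
As an added illustration of the Enhanced Verification point (this is not code from Diamond IT or Scamwatch), the Python sketch below triages an inbound email for the BEC and invoice-alteration patterns described earlier. The organisation domain, executive name, supplier bank record and sample messages are all constructed assumptions, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Everything below is constructed for illustration: the organisation's domain,
# its executive names, supplier bank records and the three sample messages.
ORG_DOMAIN = "example.com.au"
EXECUTIVES = {"jane citizen"}
VENDOR_ACCOUNTS = {"supplier.example": "123-456 12345678"}  # BSB + account on file
ACCOUNT_RE = re.compile(r"\b(\d{3}-\d{3})\s+(\d{6,9})\b")

SPOOFED_EXEC = ("From: Jane Citizen <jane.citizen@mail.example.net>\n"
                "Reply-To: accounts@payments.example.org\n"
                "Subject: Urgent transfer\n\nPlease pay this today.\n")
ALTERED_INVOICE = ("From: Accounts <accounts@supplier.example>\n"
                   "Subject: Invoice 1001\n\n"
                   "Our bank details have changed. Pay BSB 123-456 87654321.\n")
GENUINE_INVOICE = ("From: Accounts <accounts@supplier.example>\n"
                   "Subject: Invoice 1002\n\nPay BSB 123-456 12345678.\n")


def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def triage(raw_message):
    """Return the payment-redirection indicators found in a plain-text email."""
    msg = message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    flags = []
    # An executive's display name on an address outside the organisation.
    if name in EXECUTIVES and from_dom != ORG_DOMAIN:
        flags.append("executive-name-external-address")
    # Replies routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")
    # Bank details in the body differ from the supplier record on file.
    on_file = VENDOR_ACCOUNTS.get(from_dom)
    for bsb, acct in ACCOUNT_RE.findall(str(msg.get_payload())):
        if on_file and f"{bsb} {acct}" != on_file:
            flags.append("bank-details-differ-from-record")
    return flags


if __name__ == "__main__":
    for sample in (SPOOFED_EXEC, ALTERED_INVOICE, GENUINE_INVOICE):
        print(triage(sample) or "no indicators: pay per normal process")
```

Any returned indicator is a reason to hold the payment and confirm the request by phone on a number already on file, not one supplied in the message. These header checks complement, and do not replace, sender authentication such as SPF, DKIM and DMARC.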

The phishing landscape in 2024 demands a proactive and informed approach to cyber security. As attackers harness more sophisticated technologies, our defence strategies must evolve in tandem. By staying informed and prepared, we can mitigate the risks associated with these high-tech phishing attacks and protect our digital environments from potential breaches.

 

How Can Diamond IT Support Your Cyber Security Defences?

Stay vigilant and keep your security knowledge up-to-date. Diamond IT can help you ensure your technology, policy and staff education programs align with best practice to protect you from the ever-evolving cyber threat landscape. Our Business Technology Managers (BTMs) are specialists in improving your internal cyber security.  

If you need advice on how to ensure your cyber security strategy is fit for purpose, our team of cyber security experts is ready to help. Contact our team on 1300 307 907 today.

 


About Samantha Cordell

It is not surprising that our Head of Marketing, Samantha (Sam) has spent most of her (nearly) 30-year career in the IT industry. Sam studied a combination of computer science and marketing at the University of New England. Her dynamic, energetic and pragmatic style lends itself perfectly to tech. With a background working with major players such as Microsoft, Intel and Cisco Systems, Sam is energised by driving meaningful marketing outcomes for industry leaders.