As we enter 2021, we look to take stock of what we learnt in 2020 and push forward into the new year. With many drastic changes to both our personal lives, and the working environment we look at how these changes affected the most common successful cyber attack, phishing. We also look at preventative measures to stay one step ahead of the hackers again this year.  

Phishing Is Changing In 2021

The phishing environment has changed drastically in the past year, as there has been drastic changes to daily life. Phisher's and hackers have attempted to take advantage of the different working environments, and new tools being used for work from home, in order to perpetuate their new scams. 2020 saw a record increase in phishing site, 2.11m phishing sites were detected by Google in 2020, a 25% increase on 2019.

From the statistics, it looks like cyber criminals will be ramping up their efforts in 2021, with 64% of businesses are anticipating an increase in COVID related phishing emails in 2021. For IT professionals, this means being proactive in the face of this growing threat. Increasing security awareness training efforts, multi-factor authentication and restricting VPN connections. Whilst the difficulties of working from home continue, end-users and IT departments will need to adopt more collaborative approaches to identify and prevent phishing attacks.

Pandemic related phishing scams

Coronavirus related phishing scams are one thing from 2020 we expect to increase in 2021. There has already been reports of coronavirus vaccine related phishing emails. It was found the users were 3x more likely to click on a Covid-19 phishing email. Recent findings are that the Covid-19 Vaccine is being used by cybercriminals, who claim to be selling vaccines online.

Remote Work Related Phishing

Remote work related phishing emails are on the rise, with hackers exploiting new working from home measures, to confuse employee's who have had to make the move to WFH in the Covid-19 pandemic.

One method that phishing scammers are exploiting is the need for virtual meet-ups, specifically Zoom and Google calendar invites. This phishing method is particularly effective as there are many links to invites being sent out.

Chatbot Phishing

Another new attack vector that came to the forefront in 2020 was chatbot phishing. Scammers are employing this more conversational approach in order to take advantage of the technology and scam users.

Scammers will usually start this technique through the usual methods, SMS or email phishing scams directing to a website. This website is likely a fraudulent version of a legitimate site they are claiming to be.

This is when the scammer will utilise the chatbot guiding you into a conversation in order to extract sensitive details. Beware of offers of large prizes on chatbots, and always make sure that you access the site you intend to through a search engine, not via. an email/SMS link.

New phishing methods emerging in 2021

Attackers continue to expand their methods, including the rise of smishing. Smishing is any phishing attempt delivered via text message. As mobile messaging becomes more common, text based scams are becoming more effective due to lower awareness compared to traditional email attacks.

Users might ignore a suspicious email, but a text message with a link often feels more personal and urgent. Since security tools cannot prevent users from clicking malicious links, education and awareness remain essential.

How to avoid becoming a phishing victim

Regardless of the format, many phishing tactics rely on the same principles. Key steps to stay protected include:

• Check for unusual sender details, misspellings or unexpected domains
• Be cautious of unsolicited requests for personal or financial information
• Verify that your credentials are not exposed online
• Ensure the websites you use have valid security certificates
• Avoid clicking links in unexpected emails or messages and navigate manually instead

If something feels out of place, take a moment to verify before acting. A quick check can prevent a serious incident.

Phishing will continue to evolve throughout 2021. Regular awareness training, clear reporting routes and consistent education remain the most effective ways to keep users alert and reduce the risk of compromise.