Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A recent campaign, unearthed by researchers at INKY, is the latest example of exploitation of a legitimate cloud service. The campaign impersonates the U.S. Small Business Administration (SBA), targeting small businesses that are unaware of the fact that the SBA recently stopped accepting applications for COVID-19 relief loans or grants. The element that makes this campaign stand out from the others is the exploitation of a well-known and familiar cloud service to host the phishing page: Google Forms.

Phishing is a well known threat that users are constantly being warned about, but as we are in Cybersercurity Awarenss Month though, some may still be wondering what exactly phishing is and how to prevent it. In this blog, I am going to dig into how you can recognize phishing and how enabling multi-factor authentication can help keep you safe.

Phishing attacks have been increasing rapidly year on year, and surged as a result of COVID-19. Research shows that 96% of phishing attacks are sent by email. A common technique used in these attacks is to impersonate well known or trusted brands to entice users to open links and attachments. One way to achieve this is to “spoof” the email address that is shown to users in their email client.

Business email compromise (BEC) is big business for malicious actors. According to the 2021 FBI Internet Crime Report, BEC was responsible for nearly $2.4 billion in cyber crime losses in 2021. At its root, it’s a type of phishing attack. And with the rise of smartphones and tablets, attackers are expanding well beyond email. They now leverage other platforms such as SMS messages, messaging apps like Signal and WhatsApp, and social media apps to target and compromise their targets.

The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report reveals that in Q2 of 2022 there were 1,097,811 total phishing attacks. This marks the worst quarter for phishing observed to date, exceeding Q1 of 2022 which was the first time the three-month total exceeded one million.

What is Phishing? You have most likely heard the term phishing thrown around social media recently, and no, people haven’t taken up a new hobby at the local lake. The first known mention of the term “phishing” stems from a program named AOHell designed in the 1990s.

The theme of this year’s Cybersecurity Awareness Month theme – “See Yourself in Cyber” – focuses on how both individuals and organizations can better protect themselves from cybercrime. One of the most important steps we can all take is learning to recognize and report phishing attempts.

At Tines, we understand there’s no such thing as a universal workflow. While there are often some standard best practices, whether carrying out a workflow manually or automating it, every team has a unique approach and set of tools to solve challenges. This is especially true for security teams, who constantly have to evolve their processes and infrastructure to stay ahead of cyber attackers in today’s rapidly changing threat landscape.