Phishing is the most predominant threat in cybersecurity and is constantly evolving around new forms of technology and social behaviours. Attackers have stepped up their game in 2024, so being informed and protected has never been more important.
The Evolution of Phishing Techniques
Phishing has evolved from generic scams to more targeted and sophisticated attacks. Significant changes are:
AI-Generated Emails: Generative AI now allows attackers to craft emails that come across as authentic messages, making them hard to distinguish from genuine ones.
Smishing and Vishing: Attackers extend phishing to SMS (smishing) and voice calls (vishing), exploiting mobile devices and voice cloning capabilities.
Phishing Kits: Inexperienced attackers can launch professional-grade phishing campaigns with existing tools from the dark web.
Fake Login Portals: Highly realistic replicas of popular platforms trick victims into entering credentials.
New Phishing Trends in 2024
Deepfake Impersonations: Through video or audio, the attacker can impersonate your CEO or someone else you trust. The victim is then persuaded to send money or disclose sensitive information.
QR Code Phishing: Phishing emails increasingly use malicious QR codes. Scanning them directs the victim to a scam site or downloads malware.
Social Media Exploitation: Attackers generally initiate contact with their target by creating fake profiles and gradually extracting information or guiding them to malicious links.
Multi-Vector Phishing: Coordinated attacks use multiple platforms, such as email, SMS and social media, to increase their credibility and confuse a target.
Recognising Phishing Attempts
A phishing email or message usually has small red flags:
Urgency or Fear Tactics: Phishing messages often claim account suspension or demand urgent action.
Generic Greetings: “Dear customer” instead of personalised names.
Suspicious Links: Hover over links to check the actual URL; phishing sites often mimic legitimate domains with slight variations.
Strange Demands: Organisations seldom request sensitive information over email or SMS.
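The "Suspicious Links" check above can be partly automated. The following is an added example, not part of the original article: it takes the host a link really points to and flags domains that differ only slightly from a trusted one. The allow-list, the function names and the two-label "registered domain" shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example; use your organisation's real domains.
TRUSTED = {"paypal.com", "microsoft.com", "example-bank.com"}
# Digit-for-letter swaps commonly seen in look-alike names.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for the host a link actually points to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no hostname"
    if parts.username is not None:
        return "suspicious", "text before '@' is not the host"
    # Simplification: registered domain = last two labels (no Public Suffix List).
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return "trusted", domain
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode label"
    folded = domain.translate(CONFUSABLE)
    for good in sorted(trusted):
        if edit_distance(folded, good) <= 2:
            return "suspicious", f"{domain} resembles {good}"
        if (good + ".") in host:
            return "suspicious", f"{good} used as a subdomain of {domain}"
    return "unknown", domain


if __name__ == "__main__":
    for link in ["https://www.paypal.com/signin", "https://paypa1.com/login",
                 "https://rnicrosoft.com/", "https://paypal.com.account-verify.net/",
                 "https://paypal.com@203.0.113.5/", "https://www.python.org/"]:
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the domain is not on the allow-list and does not resemble it; the distance threshold of 2 can also flag short, unrelated domains, so treat hits as prompts for review.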
How to Stay Safe from Phishing in 2024
Stay Informed: Employee and user education will help them identify new phishing attacks.
Verify Requests: Unusual requests should always be verified through another channel, such as by calling an official number.
Use Anti-Phishing Tools: Browser extensions and email filters block known phishing sites and spam messages.
Implement MFA: Even if attackers get your login information, MFA will not allow them to log into your account.
Be Cautious of QR Codes: Scan only safe and trusted QR codes. Avoid scanning ones from unknown sources.
Secure Social Media Accounts: Change privacy settings and exercise caution when accepting connection requests from unknown profiles.
Organisational Defences Against Phishing
Broad Training: Implement regular phishing simulations and workshops that will keep employees vigilant.
Email Authentication Protocols: Implement the email authentication protocols SPF, DKIM and DMARC to prevent email spoofing.
Zero-Trust Architecture: Limit access based on roles and authenticate continuously.
Incident Response Plans: Have a clear plan to contain and respond to phishing breaches quickly.
Real-World Examples of Modern Phishing
Deepfake CEO Scam: A multinational firm fell prey to a voice deepfake attack where an “executive” authorised a fraudulent wire transfer.
QR Code Attack at an Event: Event attendees were redirected to dodgy websites by malicious QR codes on flyers.
Social Media Targeting: Employees clicked malicious links sent by attackers pretending to be a recruitment agency on LinkedIn.
Conclusion
Clearly, these sophisticated phishing attacks in 2024 call for even greater vigilance and proactive defences. Whether using AI or exploiting human psychology, attackers are constantly refining their craft. Informed individuals and organisations can reduce risk by staying alert and practising the best defences. For people wanting to fight these constantly changing threats, the London School of Emerging Technology (LSET) is now delivering an up-to-date Cybersecurity Course. Learn practical skills in detecting, preventing and responding to phishing and other cyber threats.