Phishing remains among the top security threats to any organization, as the attack vector is often where a hacker first attempts to steal credentials and access victim networks with the end goal of stealing secrets, deploying ransomware or carrying out other malicious activities.
Since the start of the COVID-19 pandemic, phishing attempts have grown considerably, with nearly every sector reporting increases above 66%, according to August 2021 research from Sophos.
Those attacks are growing in sophistication, with hackers using current events and pop culture to lure victims into clicking on malicious links and giving up their information. The COVID-19 pandemic was a popular social engineering lure that hackers used in phishing attacks, and it remains the most common theme of phishing emails.
According to data from cybersecurity firm Positive Technologies on the 10 most popular phishing topics in 2021, pandemic-related topics remain the most used by hackers. Common topics included an employee vaccination poll seemingly sent by HR, which asks for corporate credentials via a fake authentication form.
Other pandemic-related phishing attempts exploited the benefits given to vaccinated employees in certain countries, with fake government websites appearing to offer vaccination QR codes.
While the pandemic dominated phishing email topics, pop culture was also a consistent theme, with hackers mimicking services such as Netflix or setting up fake merchandise websites selling products affiliated with popular TV shows or movies.
Sporting events such as the FIFA World Cup and Olympic Games were also popular phishing topics, with some such attacks appearing a year in advance of those events.
Positive Technologies’ report also lists dating services as a phishing attack theme as more people signed up for dating apps during the pandemic. Attackers create fake dating profiles and send would-be dates malicious links.
In another recent trend preying on the rising popularity of consumer-level investment platforms, hackers have created fake websites that imitate well-known companies.
Other tactics used by phishing attackers are well known, including mimicking corporate communications, banking scams, mail services, travel and vacation, and subscription services.