Here’s a record nobody wanted to see broken: response-based email phishing scams are approaching all-time highs. For details, here is an article from Stu Sjouwerman, the founder and CEO of the cybersecurity company KnowBe4.
Post by Stu Sjouwerman (reprinted with permission)
“Setting a record for both highest count and share in volume with other types of phishing scams, response-based attacks are at their highest since 2020 and are continuing to grow.
Despite a lot of focus on credential theft, cybercriminals are trending toward response-based scams – where the scam relies on the user responding through a communication channel chosen by the scammer. We’ve seen examples of these types of phishing attacks that have leveraged chatbots, WhatsApp, and even phone calls to establish credibility and take control of the conversation.
New data from Agari and PhishLabs, in their Quarterly Threat Trends & Intelligence report for August 2022, shows that response-based scams are on the rise, being responsible for 41% of threats targeting corporate inboxes. While still trailing behind credential theft attacks, response-based scams have experienced continual growth over the last two years.
According to the report, the response-based scams can be broken down into the following types:
- Advance-Fee scams – 54%
- Vishing – 25%
- Business Email Compromise – 16%
- Job Scams – 4.8%
- Tech Support – 0.2%
Of these, vishing is up over 625% from Q1 of last year and has steadily increased over the course of the past year.
I think I should reemphasize that these scams are all focused on business users and, according to the report, may include malware such as Emotet, QBot, SnakeKeyLogger – all payloads I’ve covered before here on our blog.
The growth in response-based scams means that threat actors are seeing continual success – which, in turn, means users are responding. To stop your users from responding, it’s important that you enroll them in continual security awareness training to teach them to spot these scams before they respond to them.”
SOURCE: Response-Based Phishing Scams Targeting Corporate Inboxes Hit New Records (