Jan 3, 2025 9:40:39 AM / by LaScala IT Team

In 2024, cybercriminals crafted some highly inventive and unusual phishing attacks, using advanced technologies and social engineering methods that targeted individuals and organizations. This significant rise in attacks put the average cost of a data breach at $2.98 million for companies under 500 employees, according to the U.S. Small Business Association. Be aware of these examples and the benefits of co-managed security services:

  1. Deepfake CEO Attack

Attackers leveraged deepfake technology to impersonate executives in real-time video calls. In one example, employees in finance departments received a video call from what appeared to be their CEO, instructing them to transfer funds to a specific account. The deepfake was so convincing that employees were unable to distinguish the fake from reality. This type of phishing attack, also known as "Business Email Compromise (BEC) 2.0," bypasses traditional security checks that rely only on email verification.

  2. AI Personalized Scams

Attackers used AI algorithms to create tailored phishing messages by analyzing victims' social media posts, emails, and publicly available data. One company reported receiving emails where the attacker referenced recent social media updates of employees, making the phishing attempt feel much more genuine. For example, if an employee posted about an upcoming conference, the attacker might send an email posing as the conference organizer, asking for sensitive details "to complete registration."

  3. IoT Device Hijacking to Manipulate Environments

Hackers exploited insecure Internet of Things (IoT) devices in homes and offices to carry out phishing schemes. For example, an attacker might take control of a smart home device, such as a connected security camera or digital assistant, and use it to play fake messages instructing users to "update their credentials" on a linked website. By compromising IoT devices, phishers have found a unique way to gain access to both physical and digital spaces.

  4. Phishing With Fake SaaS Pop-Ups

Attackers employed pop-up windows mimicking legitimate SaaS (Software as a Service) notifications, prompting users to "log in" to their accounts. One attack targeted HR platforms by sending an email that seemed to be a standard employee performance review notification. When the user clicked the link, a pop-up appeared that was designed to look like the SaaS login portal but instead captured login credentials. These pop-ups are so well-crafted that they often bypass browser filters.

  5. Fake "Emergency" SMS and Voice Phishing (Vishing)

Some of the most unusual phishing attacks in 2024 combined SMS and voice phishing (vishing), where victims received an SMS alert claiming an "emergency" with their bank accounts. The SMS included a number to call for "immediate resolution." When the victim called, they were connected to an attacker posing as a bank representative, who requested confidential details to "protect their account." These hybrid attacks have proven highly effective because they combine the immediacy of SMS with a real-time human touch.

These examples highlight how phishing attacks are no longer limited to email but now involve sophisticated tactics that use emerging technologies to deceive and manipulate. Organizations can mitigate these threats by implementing multi-factor authentication, educating employees on the latest phishing techniques, and employing AI-based detection tools to spot anomalies in communication patterns.

Co-managed security services to counter phishing attacks typically provide these benefits:

  • Access to expert cybersecurity knowledge
  • 24/7 threat monitoring & detection by a local team of experts rather than a SaaS or a third-party sub-contractor
  • Rapid incident response
  • Reduced risk management
  • Scalable security solution
  • Cost-efficiency – avoid the need to build an internal security team
  • Improved compliance management
  • Stay focused on core business
  • IR plans tied into the business continuity plan

There is a cybersecurity crisis happening right now. Is your business protected? LaScala’s Co-Managed Security Services are a 24/7/365 solution designed to address these escalating challenges. Connect with our team today.

 
