Spear-phishing attacks are on the rise in 2020 – Many organisations have changed their working principles due to Covid-19, and they have adopted remote working principles. However, this has brought challenges since the employees can’t reach the IT Security Teams directly. In this blog, I am going to discuss how spear-phishing attacks have risen in 2020.
1 – Why Spear-Phishing Attacks Are on The Rise in 2020?
Due to COVID-19 shutdown, many businesses have confronted solid challenges related to cybersecurity. The employees working at home have been targeted by Cybercriminals using spear-phishing attacks. Cybersecurity specialists warned about an increase in spear-phishing attacks.
Cybersecurity researchers reported that after the lockup, which started in mid-March and was initially pretty quiet, there was a strong uptick in spam and spear-phishing attacks which were very targeted phishing attacks that had never been seen before.
It’s pretty common to see spear-phishing attacks targeted CEO and CFO. But during this time, we’ve seen well-created spear-phishing emails looking absolutely authentic and legitimate.
IT Securities reported that the spam messages were typical spam messages, written and sent randomly, however unlike the spam messages, spear-phishing attacks were well-crafted and organised.
2 – Hackers Use Breached Accounts
Spear-phishing attacks are becoming more dangerous than other phishing attack vectors. The hackers choose to target customers, vendors who have been the victim of other data breaches.
Criminals are using breached accounts. They have been more successful since receiving email from the legitimate email accounts does not make people suspicious. Also, due to many reasons, most of the people don’t pay attention to the link if the source is legitimate. That means breached accounts have done most of the work in spear-phishing attacks.
That creates a new type of third-party risk in which the compromised accounts are known by the hackers, and they are used for legitimate business requests. Today, cybersecurity teams have changed the way they operate because of the new risk.
3 – Verify The Request Step-by-Step
Researchers have reported that when cybercriminals use compromised accounts, this creates a massive third-party risk. Since unlike other phishing attacks, the attacks come from trusted sources and users need to verify every step of the request they receive to avoid the attacks.
Making a phone call after you receive any request is imperative. Keeping in touch with the person who made the requests and verifying every step of the requests prevents the attacks. But you shouldn’t use email to verify the request because a cybercriminal can be using this email to attack. And the cybercriminal can verify himself in that case. Therefore, the best option will be verifying the email using a phone.
4 – Tips to Avoid Phishing Attacks
- Use Multi-Factor authentication to protect your accounts.
- If you get a suspicious email, delete it.
- Beware of links you get with emails. If It’s from an unknown source, do not click on it.
- Pay attention to attachments in emails. If It’s from an unknown source, do not download or open it.
“This post is originally published at www.keepnetlabs.com”

Teknoloji Haberleri
- Elon Musk, şimdi de uzaydaki astronotları aç kalmaktan kurtaracakNASA'nın uzaydaki astronotlarına erzak götürecek uzay aracı bozuldu. Cygnus uzay aracı fırlatma alanına giderken hasar gördü ve uçmaya uygun olmadığı belirlendi. Peki bu astronotlar taş mı yiyecek?
- YouTube, platformu istila eden sahte film fragmanlarına savaş açtıYouTube kısa sürede yapay zekayla yapılmış sahte film fragmanlarıyla dolmaya başladı ve Google, şimdi bu kanallara savaş açmış durumda...
- Apple, Project Mulberry ile bileğinize bir tıbbi laboratuvar yerleştirecekiPhone ve Apple Watch verileriniz artık daha anlamlı hale geliyor! Apple, sağlık uygulamasını baştan sona yeniden tasarlayarak yapay zeka desteği sunmayı planlıyor.
- Microsoft'tan Windows 11'in hızına yetişemeyenler için yeni siteMicrosoft, Windows 11 için yayınladığı yeni yol haritası portalıyla güncellemeler konusunda daha şeffaf bir dönemi başlatmayı amaçlıyor. Özelliklerin piyasaya sürülme tarihlerini ve açıklamalarını içeren portal, dinamik bir bilgi kaynağı olmayı hedefliyor.
- TikTok’un yeni yapay zeka sürprizi: InfiniteYou neler sunuyor?ByteDance’in geliştirdiği InfiniteYou yapay zeka modeli, kullanıcılara profil görsellerini farklı estetiklerle çeşitlendirme imkanı sunuyor. Bu yenilik, hem bireysel kullanıcıları hem de sektörün geleceğini etkileme potansiyeline sahip.