Phishing attacks are targeting your business more than ever, so watch out

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

The first few months of 2023 saw 40% more phishing and smishing attacks compared to the same period last year, new research has claimed.

The Avast Q1 2023 Threat Report notes that attacks where threat actors impersonate big brands and claim the victim is due a refund have become the most popular.

This type of phishing was up 26% in the UK  compared to Q4 2022, with one particular scam that used emails claiming victims can get a refund for a parcel that was never delivered seeing a major rise.

Phishing threat

The emails would also contain attachments which, if downloaded and run, would trigger the download of an infostealer, such as RedLine. 

To deliver the infostealer, the attackers would distribute a Microsoft OneNote file, or Adobe Acrobat Sign file. With the former, the file would hold an add-on that could trigger the download of the malware. With the latter, the legitimate service gets abused to deliver a link hosting the malicious program, for the victims to download.

In any case, the researchers found, the goal is to steal as much personally identifiable information as possible, as this data can later be used for identity theft.

“If you think your data has no value then why would scammers spend so much time trying to steal your data if it’s worthless? The truth is that anyone can be affected and it is important to stay vigilant and use proper protection,” said Jakub Kroustek, Avast Malware Research Director. 

“Unfortunately, scammers have made it nearly impossible to take any message as face value – all communications, whether seemingly from a friend, boss, or household brand, have potential to be fraudulent.”

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.