Earlier this year, the SANS Institute published a blog exploring emerging phishing trends. This kind of research is an invaluable resource for all individuals and organizations looking to identify and rebuff phishing attacks. In this article, we’ll cover some of the key findings from that report. 
Traditionally, phishing attacks relied on email as a primary communication channel. However, in recent years, attackers have shifted toward other messaging technologies such as Apple iMessage, WhatsApp, and SMS. These platforms often lack robust filtering capabilities, making it easier for scams to go undetected. Additionally, the concise nature of text messages can make it challenging to discern legitimate messages from phishing attempts. Therefore, organizations must emphasize to their employees that phishing attacks can now occur through various messaging technologies, not just email.
Traditionally, phishing attacks aimed to infect victims’ computers with malware. However, as security defenses have become more adept, attackers have shifted their objectives. Today, the three primary goals of phishing attacks include:
Understanding the types of phishing attacks your organization encounters is crucial. Collaboration with your Cyber Threat Intelligence team, Email Support team, or those responsible for email filtering and perimeter defenses can help identify the prevalent threats. Anti-phishing solutions can also provide insights into the types of attacks your organization faces.
Educating your workforce on the most common indicators and clues of phishing attacks is essential. It’s not feasible to train employees on every phishing attack and lure, as attackers continually adapt their tactics. Focus on the indicators that transcend the method or lures used by cybercriminals. These common indicators include:
While these common indicators help protect against various phishing attacks, it’s essential to avoid relying on outdated indicators:
As phishing attacks evolve, staying informed about emerging trends is vital for maintaining effective defenses. Threat actors are exploiting new modalities and goals, making it essential for organizations to educate their workforce about the evolving nature of these attacks. Understanding the most common phishing indicators and adapting to the changing landscape is crucial in the ongoing battle against cyber threats. By doing so, organizations can enhance their security posture and reduce the risks associated with phishing attacks.

source