
The increasing sophistication of phishing scams

It was just another Tuesday morning when a text message buzzed on the phone of a team member’s mum. “Commonwealth Bank: Your recent transaction at David Jones has been declined because of suspected fraudulent activity.” She knew she hadn’t shopped there, but what if someone had her details?

When she clicked the link in the message, it took her to a legitimate-looking login page for her bank. It asked for her login details to verify her account. It all seemed so real and concerning.

Luckily, our team member’s mum is vigilant when it comes to cybersecurity and she has Sapher installed. However, thousands of people do fall victim to these types of scams daily.

Evolution of phishing scams

The days of promised millions from Nigerian princes landing in our inbox are behind us. Today’s phishing scams have grown into difficult-to-detect deceptions that can fool even the most vigilant and tech-savvy people.

Modern scammers craft emails and websites that are indistinguishable from legitimate ones, mimicking logos, layouts, and writing styles with alarming accuracy. They’re also leveraging artificial intelligence and machine learning to create more convincing and targeted attacks that generate personalised content, making scams appear more authentic and relevant to each potential victim.

Perhaps most unsettling is the use of personal information gleaned from social media and data breaches. Scammers can now customise their approach using details like your recent purchases, travel plans, or work history. Plus, we’re busy. We all receive countless emails and often gloss over the details, clicking links and downloading attachments with little thought.

Why people fall for phishing scams

Understanding why people fall for phishing scams helps us as individuals to develop more cybersecurity awareness and better defences. Scammers are masters at psychological manipulation, triggering emotional responses that override our rational thinking through tactics like:

  • Urgency: Messages claiming that immediate action is required create panic and prompt hasty decisions.
  • Fear: Threats of financial loss or legal action can paralyse critical thinking.
  • Greed: Promises of windfalls or exclusive deals on much-desired goods can cloud our judgment.

Phishers often impersonate organisations, services and products you know, like and trust, copying their branding and messaging. People are more likely to believe they’re interacting with a known entity or a brand they’ve purchased from.

It won’t happen to me 

Many Australians believe they’re aware enough not to fall for a phishing scam, but the statistics tell a different story. 

According to Statista’s Data Breaches Worldwide Report, a 2022 survey of working adults revealed that 34% of respondents had taken an action that could threaten their internet safety. A further 18% said they had clicked phishing links leading to a fake website, while 13% downloaded malware from smishing (the urgent requests or tempting offers with malicious links sent via text).

  1. In 2020, Australian hedge fund Levitas Capital collapsed after falling victim to an $8.7 million cyber scam involving a fake Zoom invitation.
  2. The University of Tasmania fell victim to a phishing attack in 2020, leading to unauthorised access to staff email accounts and exposing the personal information of students and staff.
  3. In 2017, a senior Australian Bureau of Meteorology official clicked on a phishing email, giving hackers access to the organisation’s systems.
  4. Australian graphic design platform Canva suffered a data breach in 2019 that started with a phishing attack, affecting 139 million users.

Technology’s role in intercepting phishing attempts 

Email filters and anti-phishing software are an effective defence, scanning emails for suspicious patterns and red flags like misspelled sender addresses, urgent language, or malicious links. Many email providers and security software packages offer this protection.
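As an added illustration (not code from Sapher or any email provider), the sketch below checks one message for the three red flags named above: a misspelled sender domain, urgent language, and a link whose visible text differs from its real destination. The trusted domain, keyword list, similarity threshold and both sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains a mailbox owner really deals with (constructed placeholder).
TRUSTED = ("examplebank.com.au",)
URGENT = re.compile(r"\b(urgent|immediately|declined|suspended|verify your account)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"[\w-]+(?:\.[\w-]+)+")

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    for t in TRUSTED:
        if SequenceMatcher(None, domain, t).ratio() >= 0.85:
            return t  # close but not equal: likely a misspelled sender
    return None

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part HTML message assumed
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    imitated = lookalike(sender)
    if imitated:
        flags.append(f"sender domain {sender} resembles {imitated}")
    if URGENT.search(msg.get("Subject", "") + " " + body):
        flags.append("urgent language")
    for href, text in LINK.findall(body):
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN.search(text)  # a domain displayed as the link text
        if shown and not host.endswith(shown.group(0).lower()):
            flags.append(f"link text shows {shown.group(0)} but points to {host}")
    return flags

# Constructed sample messages, not real mail.
PHISH = """From: ExampleBank <alerts@examp1ebank.com.au>
Subject: Your recent transaction has been declined

<a href="http://login.example.net/verify">www.examplebank.com.au</a>
"""
CLEAN = """From: ExampleBank <news@examplebank.com.au>
Subject: Your monthly statement

<a href="https://www.examplebank.com.au/statements">examplebank.com.au</a>
"""
```

Calling `red_flags(PHISH)` returns all three flags, while `red_flags(CLEAN)` returns an empty list. Production filters weigh many more signals, such as sender authentication results and URL reputation.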

But what about the super sophisticated attempts? Advanced tools like Sapher Shield’s browser extension offer another layer of protection. Using real-time threat analysis, Sapher Shield analyses links and website behaviour 24/7, identifying suspicious activity that might slip past traditional filters. By combining these tools with a healthy dose of caution (if something feels off, it probably is) and a greater sense of awareness, you can browse with greater confidence.