Any time there is a large disruption in our daily life, cybercriminals jump to the chance to engage in new forms of social engineering attacks. One of the most common is phishing, a nefarious play on the word “fishing,” where attackers work to trick a victim into giving up personal information, financial details or even credentials and passwords to use in larger cyberattacks, to harvest for the dark web or to commit a form of fraud.
Whether posing as a legitimate business, an official government agency or even a colleague or non-profit, these attacks use a wide range of sophistication, skill and tenacity to trick their victims.
Sadly, in the face of the economic, social and public health tragedy tied to the COVID-19 global pandemic, 2020 saw no respite for victims already struggling with a lot on their plates. Some studies noted a 220% increase in phishing incidents compared to 2019, fueled by so much of the population moving to a work from home or distance learning model. At the same time, 2020 also saw an evolution in the sophistication of the usually juvenile form of cybercrime, demonstrating the planning, skill and persistence of some groups to create elaborate phishing