Phishing on the Rise

As technology adoption grows, financial frauds through practices such as phishing are expected to increase in 2023.

The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that in 80 percent of the assessed organizations, at least one individual fell victim to a phishing attempt. In addition, users interacted with a malicious link in 10 percent of the phishing emails received, as cybersecurity products designed to protect companies’ networks failed to block about 70 percent of malicious files or links, according to CISA.

According to Mexico City’s Citizen Council for Security and Justice, 67 percent of phishing reports correspond to the impersonation of banking entities, 14 percent to e-commerce sites and 8 percent to airlines. Government networks are also threatened constantly by phishing, according to the entity.

Phishing is a cybercrime in which the target is contacted by email, telephone or text message by someone posing as a legitimate institution to encourage people to provide sensitive data, such as passwords and banking information, which is then used to access important accounts and often results in identity theft and financial loss.

Cybercrime has grown massively in Mexico. The country ranks first inLatin America with 85 billion cyberattack attempts in 1H22 alone, according to IDC. This figure represented 40 percent growth compared with the same period of 2021. “Increasingly, companies are adopting cybersecurity measures or policies to avoid being victims of ransomware, phishing or any attempt to cyberattack the infrastructure of companies, internal and external customers or business partners,” says Juan Carlos Parra Rodríguez, Telecommunications Research Director, IDC México.

At a global scale, the cost of data breaches from cyberattacks is expected to surpass US$5 million per incident in 2023, according to the cybersecurity firm Acronis. The company’s Cyber Protection Operation Center found phishing and malicious email threats increased by 60 percent in 2022.

“The most vulnerable link in a security architecture is the people it protects. Although complex attacks, shadow IT and ransomware attacks dominate headlines, social engineering remains a proven and persuasive way to gain a foothold on a company network. Phishing attacks are one of the cybercriminals' preferred channels for gaining initial organizational access and there has been a phishing scale-up in the past year,” wrote for MBN Juan Carlos Carrillo, Director, PwC México.

Cybersecurity strategies must be based on understanding the threat, attackers and the value of an organization’s data to offer proper user training against the attacks while deploying security solutions following best practices, wrote Carrillo.