Smishing and Deepfakes Top the List of Cyber Attack Methods Expected in 2020

You want to know what to expect from data breaches, phishing attacks, and other calculated methods in 2020? There’s no better source than Experian’s seventh-annual Data Breach Industry Forecast report.

There’s a ton of chatter around what’s going to be the next “big thing” in cyber attacks. And while there will certainly remain a material amount of “more of the same” with, perhaps, a twist of ingenuity on the part of the cybercriminal, there are a few trends the folks over at Experian Data Breach services are strongly advising organizations be mindful of as we move into 2020. These include:

• The use of smishing attacks as part of identity theft scams. Experian is expecting quite a bit of presidential campaign-related attacks this year. Texts seemingly coming from political campaigns with links may prove to be scams intent on stealing credentials, infecting endpoints, etc.
• BEC expanding to include deepfake audio and video. We’ve covered how this technology can be easily used to mimic an executive. Experian believes we’re going to see this explode in 2020 as part of a social engineering toolkit that can aid those seeking to commit fraud, steal data, gain access, etc.

Users need to be wary of these tactics on an on-going basis throughout 2020. In the case of Smishing, it’s a little easier to tell the user what to look for – poor grammar, misspellings, unsolicited messages, etc. But in the case of deepfakes, the technology is getting so good, that audio can be generated in real time, allowing a would-be attacker to interact directly with their victim and sound like someone of authority within the company.

Organizations need to elevate their employee’s level of vigilance through Security Awareness Training by educating them on the kinds of attacks used, and why their first thought should be one of scrutiny and not of simply complying with a received request.