Increased phishing attacks on instant messaging platforms: how to prevent them

Rotem Shemesh, lead product marketing manager, security solutions at Datto, explores why phishing is so difficult to stop, along with what users need to know about phishing attacks on instant messaging platforms – and what businesses can do to prepare and protect themselves.

Posted 9 August 2022 by Christine Horton

Phishing attacks are simple, easy to launch, and highly effective, making them an ever-increasing cybersecurity risk for businesses large and small. Although phishing is not new, it is often the first step fraudsters take to launch large-scale attacks. Just a decade ago, phishing emails were relatively easy to spot, however phishing techniques have evolved with targeted campaigns so sophisticated they can bypass most security solutions – tricking users into sharing confidential information. Further, the increase in phishing attacks can be attributed to automated customisation, which has made it relatively simple for bad actors, even those with little to no hacking experience, to launch highly tailored and successful attacks.

Given the success of phishing, hackers are continually on the lookout for other platforms to exploit. Ones where people have yet to raise their guard like instant messaging (IM) platforms. Given the increased usage of digital communications tools since the onset of the pandemic, it’s not surprising that cybercriminals are broadening their reach to other platforms. In conjunction with organisations migrating to the cloud, IM platforms have become the norm for today’s hybrid office. In 2021, nearly 80 per cent of workers reported using collaboration tools for work, up an incredible 44 per cent since the pandemic – making it an attractive attack venue for phishing campaigns.

Why phishing is difficult to stop

Given that IM apps like Slack, Microsoft Teams, Skype, WhatsApp, etc., have little to no security features, threat actors have found an open playing field that is relatively easy to prey upon. Although basic security measures, such as a generic security layer, supported by the email provider, is typically provided; the majority of companies have yet to deploy robust IM platform cybersecurity – placing their messaging platforms at risk.

Adding to digital communications platforms being largely unprotected, many companies are now relying on these apps for internal, as well as external communications. Given the common belief among employees that internal communication tools are secure, the use of IM platforms for internal communications has created a false sense of confidence, further increasing threat exposure. Finally, since most employee phishing awareness training relates to email-based scams, even vigilant employees may be less likely to spot an IM phishing technique. The hybrid workplace combined with a false sense of security has created the perfect storm for successful IM phishing.

Instant messaging phishing attacks: what users need to know

Not too long ago, cybercriminals primarily targeted ‘big fish’ victims. Today, it’s become common practice for threat actors to leverage new technologies to simultaneously send large quantities of phishing messages for maximum impact and success. In addition, IM attacks are no longer just the domain of seasoned cybercriminals, novice hackers can easily purchase phishing kits on the dark web. And since customisation is now automatic, both professional and amateur bad actors are phishing less obvious, and in some cases more lucrative targets such as IM platforms.

Fraudsters carry out IM phishing attacks by relying on social engineering to gain access to potential victims. Once access is gained, they send an IM that elicits a sense of fear and/or requires users to take action. For instance, threat actors will masquerade as a trusted source and send an IM that informs users of an account that has been compromised and deactivation is imminent or that there has been a vulnerability detection of a widely used application. In each scenario, the user is prompted to take immediate action, such as updating a password or changing an account.

Be aware, prepared and protected

As it is no longer a matter of ‘if’ but ‘when’ your organisation will face an IM phishing attack, you need to be aware, prepared and protected. To successfully combat phishing adversaries, you need to keep in mind that IM phishing attempts continue to rise. Additionally, knowledge is power, and you must keep up to date on new phishing strategies, security policies, and protection solutions.

Being prepared means making security a top priority. Since employees are on the frontlines of your defense, be sure they receive frequent and adequate security education and training on how to recognise IM phishing attempts. As a result of ongoing education, employees are now more suspicious of email phishing attempts. Be sure your training efforts instill the same caution when reading messages on Slack, Microsoft Teams, Skype, WhatsApp, etc. The more education provided to employees the better prepared they will be to identify IM phishing attempts. And when an attack has been identified, you need to make it easy for users to quickly report the breach.

Implementing security solutions that provide protection against IM phishing attacks is essential. In many cases, these will be the same security solutions that you are using for email cybersecurity protection. Since these solutions are typically provided via application programming interfaces (APIs), they are easy to install and use and will provide messaging platform protection for both internal and external business communications.

Finally, be sure to reinforce that users should never provide any sort of credentials, financial details, or other sensitive information over IM, even when the employee receives an IM that looks like it is from someone they know. IMs containing odd or unexpected requests such as asking for a password are red flags and must be reported immediately.

Rotem Shemesh, lead product marketing manager, security solutions at Datto.