A hacker’s Christmas Carol – the ghosts of phishing scams past, present, and future

‘Twas the night before Christmas, and all through the network, not a techie was stirring, but a hacker did lurk…

As many of us prepare to wind down and enjoy a well-earned break after a busy year, scammers are also getting ready. However, while we’re planning for mince pies and festive movies, they’re planning to exploit gaps in cybersecurity and gain access to networks when organisations’ defences are typically lower.

We tend to see a spike in phishing, social engineering, and business email compromise attempts in December, often using holiday or payroll themes, such as end-of-year bonuses or rewards. In this blog, we’ll explore the ghosts of phishing scams past, present, and future, how these attacks have evolved, and how they will continue to do so.

Less advanced defensive technologies and a limited awareness of internet scams made early phishing attempts easier to execute. From fraudulent emails to fake websites, these early scams followed the same basic formula that we still see today. The premise was to entice users to click on a malicious link or attachment that installed malware on the device.

In the 90s and early 00s, people and businesses weren’t on alert for these kinds of threats, and felt compelled to act when they received an email that created a sense of urgency or threatened consequences if action wasn’t taken. However, one key difference was the sophistication of these rudimentary cyberattack attempts, which were usually riddled with grammar or spelling errors, or with very little personalisation.

One of the earliest spates of significant cyberattacks in Ireland targeted banks, particularly Bank of Ireland, in 2006 with a wave of phishing scams that led to financial losses for both the bank and its customers.

Today, phishing attacks have become much more sophisticated and we’re seeing major advancements in tactics. For example, spear phishing is a more targeted form of attack, where an individual is selected by the attackers and duped using highly personalised and carefully curated information.

We’re also seeing a rise in artificial intelligence (AI)-powered attacks. These include vishing (voice phishing) attacks, which impersonate a person’s voice to convince the victim to hand over sensitive details, as well as smishing (SMS phishing), which involves fraudulent text messages purporting to be from a trusted source such as a bank or delivery company.

Social media also has a big part to play in the rise and spread of scams, particularly during the festive season. Businesses and consumers alike are increasingly being targeted with ads or promotions from fraudulent websites, all with the same goal – to steal payment details or personal information.

It’s impossible to look ahead to the future of phishing without focusing on one key area that will define the next era of cybersecurity: AI. We’re already seeing a stratospheric rise in the number of AI-engineered cyberattacks and this will only continue to climb as technologies become even more sophisticated.

Expect to see an increase in convincing deepfakes – realistic videos, images, or audio – that will be harder to detect, as well as more advanced forms of malware and ransomware. As the world becomes increasingly connected, attacks on IoT (Internet of Things) devices will become more prolific, and with more serious repercussions.

While cyber criminals will undoubtedly continue to use AI to their advantage, defenders will also increasingly use AI tools to combat and protect against these ever-evolving threats.

When it comes to phishing, everyone is a target – from individuals right up to large multinationals. All it takes is one weak link to start a domino effect which can end with disastrous consequences. It’s crucial for businesses to train and educate employees on how to spot and effectively handle any phishing attempts that may occur at work.

In response to the uptick in attacks we typically see at this time of year, Landmark Technologies is extending cyber cover for all clients at no extra cost over the Christmas period. This will include enhanced monitoring and response capabilities, as well as additional education and tips on what to watch out for across phishing, ransomware, and business email compromise.

We’ve seen patterns in previous years where attackers ramp up activity, targeting payroll, supplier invoices, and remote access points, so this is a proactive step to help our clients to get ahead and stay ahead.

As the ghosts of phishing past, present, and future slip back into the shadows, the message remains the same: vigilance doesn’t take a holiday. With the right awareness and protections in place, organisations can enjoy the festive break knowing their systems and people are secure.

This Christmas, may your inboxes be filled with goodwill, not malicious links — and may the only surprises be the welcome kind. From all of us at Landmark Technologies, we wish you a safe, secure, and cyber-resilient Christmas and New Year.

To find out more, speak to our highly skilled technical or customer service teams. Call us on 01 569 1056 or email hello@landmark.ie.