Phishing, the practice of impersonating trusted people or representatives of trusted entities in an effort to fraudulently obtain valuable information (e.g. credit card details), has caused problems since the inception of the internet. Even the most tech-savvy individual can be fooled if they let their guard down. Compounding the problem, phishers keep tweaking their methods.

We’re now in 2021, and it’s a good time to look at how phishing scams have changed over the years: one 2020 survey found that 53% of respondents had noticed more phishing attempts since the COVID-19 pandemic began, and that trend has continued. What do people need to do to stay safe today? What threats do they need to recognise? Let’s run through some revisions and set out some tips for staying ahead of the phishers.

They’re focusing on home deliveries due to lockdowns

Unable to attend large social gatherings, go to their regular offices, or do much brick-and-mortar shopping (with countless retail stores closed), people have been spending heavily online. Older people who wouldn’t otherwise have tried ecommerce have become accustomed to it — and this is good in many ways, but it also presents opportunities for fraudsters.

Knowing that shoppers will be receiving plenty of confirmation emails, phishers can do things like pose as couriers and request fees to cover import costs that seem plausible. So plausible, in fact, that it can be hard to spot the fakes. In the end, it comes down to investigation (tools like the email lookup service at WhatIsMyIPAddress.com can expose email origins) and requesting confirmation (a quick live-chat conversation with a retailer can clarify the legitimacy of an email).

What you need to do: read ecommerce emails very carefully before clicking any links.

They’re exploiting interest in COVID-19 vaccination

For obvious reasons, people are extremely eager to receive their COVID-19 vaccinations as swiftly as possible, but inconsistent rollouts and confusing updates lead them to simply hope they’ll be notified when they can proceed. Due to this, when they receive messages stating they can enter their details to find out when they can be vaccinated, or even pay to move up the queue, they can be so eager to continue that they don’t question them.

It doesn’t help that most people don’t know which regional or national medical bodies are responsible for handling vaccinations in their areas (aside from huge bodies like the NHS). If they did have that information, they’d be more likely to spot messaging inconsistencies. This might seem like a fixed-term tactic destined to become useless once all adults have been vaccinated, but the likely need for boosters will ensure that it sticks around for quite some time.

What you need to do: check the details of your medical body so you can spot phishing.

They’re targeting remote-working business communications

Email has always been used heavily for business purposes, but its importance has risen significantly during the pandemic era. Companies trying to keep going while working remotely have come to rely on broad digital communications — and those communications can be compromised by enterprising fraudsters.

If someone can figure out the hierarchy of a business (often easily done), they can pose as someone’s boss through spoofing their email address (Barracuda’s explanation) and attempt to rush them into taking some kind of action (like authorising a payment, for instance) without checking. This may not be effective very often, but when it is effective it can prove incredibly lucrative (and dangerous for the company, of course).

What you need to do: use a closed comms system (instead of email) for business discussions.

Wrapping up, phishing schemes have changed in 2021 to take advantage of new norms in how we live, work, and look for news. Staying ahead of them is all about changing your habits: reading things more closely, and siloing key business conversations to protect them.