Three Cybersecurity Trends to Watch Out for in 2023
Sophisticated phishing, vishing and ransomware campaigns could be aimed at a widening field of targets – but there are things you can do to protect yourself.
In recent years, there have been a number of innovative threats and expanding field of targets-and there are no indications that cybercriminals would slow down in 2023. Watch out for these trends and adopt these cybersecurity best practices to help protect yourself wherever you are.
1. Social engineering attacks are getting even more sophisticated.
- Phishing attacks are no longer just simple emails mimicking communications from legitimate services. Cybercriminals are doing their research and sending highly convincing messages through varying messaging platforms, often supported by target information they've gathered from data breaches. For example, a cybercriminal can combine data from a compromised e-commerce retail site with information from social media to create customized, targeted attacks.
- Cybercriminals also try to vish (a combination of the words “voice” and “phishing” conducted via telephone) by obtaining personal information or convincing you to install remote access tools that then deploy malicious software to gain entry into your network and data. “Vishers” can use the information and trust developed on these calls to launch effective cyberattacks, such as phishing.
- Criminals are incorporating artificial intelligence (AI) in more polished phishing campaigns. Chatbots can be used to create full and convincing natural language phishing messages or fake job advertisements to support fraudulent campaigns. As language and video AI models advance, scammers could also be able to impersonate real people in real time with deepfakes, tricking victims into providing their financial and personal information. This is why it’s imperative to independently validate all requests for information, money or potential access to personal information.
2. Lucrative ransomware attacks could be used by more threat groups.
- Ransomware groups are using innovative phishing tactics to gain a foothold within target companies. New extortion tactics and threats could be part of this year's push for more ransom payments.
- Cybercriminals are also expanding the targets of their attacks to small and mid-size to large institutions.
3. Supply chain attacks, data breaches and DDoS (Distributed Denial of Service) attacks could remain a threat.
- Cybercriminals are finding ways to breach standard multi-factor authentication (MFA) technologies. Businesses and individuals using weak authentication methods are left vulnerable to data breaches and the loss of consumer information.
- Open source code repositories are a valuable legitimate resource for technology teams, but cybercriminals have been known to upload malicious packages into such repositories as well. They want targeted developers to inadvertently download malicious code and infect downstream organizations.
- World events have further complicated the threat landscape. Geopolitical conflict is acting as a catalyst for polarization of the criminal underground and an increasing number of attempts that include DDoS attacks.
- As businesses are now so interconnected and reliant on one another for information and services, supply chain attacks or self-propagating malware that spreads beyond its intended target are also possible.
To help protect yourself from these potential threats, you can incorporate these practices into your day-to-day.
- Keep your devices and your apps up-to-date. When using any software or application, it's always important to apply security patches and updates as soon as they become available. This ensures identified vulnerabilities are remediated in a timely manner.
- Choose unique passwords and use multifactor authentication. Longer passwords are harder to break than shorter ones. Consider creating a passphrase and turn on multifactor authentication wherever it's available.
- Be smart about social media. Don't share too much personal information on your social media accounts, and review the privacy controls.
- Don't get phished. No matter how creative the phishing scam, common sense is your best defense. If something seems suspicious or doesn't feel right, then it probably isn't. Familiarize yourself with signs you should look out for in suspicious emails – and how to report them.
- Back up your data. Use cloud based services or external hard drives to copy your important data to a separate location.
The information is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided is intended to help you protect yourself from cyber fraud. It does not provide a comprehensive list of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization are responsible for determining how to best protect against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.
This material is for informational purposes only, and may inform you of certain products and services offered by J.P. Morgan’s wealth management businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at firstname.lastname@example.org for assistance. Please read all Important Information.
GENERAL RISKS & CONSIDERATIONS. Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g. equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan representative.
NON-RELIANCE. Certain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks could vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.
Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.
Legal Entity and Regulatory Information.
J.P. Morgan Wealth Management is a business of JPMorgan Chase & Co., which offers investment products and services through J.P. Morgan Securities LLC (JPMS), a registered broker-dealer and investment adviser, member FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. Certain custody and other services are provided by JPMorgan Chase Bank, N.A. (JPMCB). JPMS, CIA and JPMCB are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.
Bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.
This document may provide information about the brokerage and investment advisory services provided by J.P. Morgan Securities LLC (“JPMS”). The agreements entered into with JPMS, and corresponding disclosures provided with respect to the different products and services provided by JPMS (including our Form ADV disclosure brochure, if and when applicable), contain important information about the capacity in which we will be acting. You should read them all carefully. We encourage clients to speak to their JPMS representative regarding the nature of the products and services and to ask any questions they may have about the difference between brokerage and investment advisory services, including the obligation to disclose conflicts of interests and to act in the best interests of our clients.
J.P. Morgan may hold a position for itself or our other clients which may not be consistent with the information, opinions, estimates, investment strategies or views expressed in this document. JPMorgan Chase & Co. or its affiliates may hold a position or act as market maker in the financial instruments of any issuer discussed herein or act as an underwriter, placement agent, advisor or lender to such issuer.
© 2023 JPMorgan Chase & Co. All rights reserved
Securities-based lines of credit are extended at the discretion of JPMorgan Chase Bank, N.A. (“Chase Bank”) and Chase Bank has no commitment to extend a line of credit or make loans available to you under a line of credit. Any loan extended under a securities-based line of credit is subject to credit approval by Chase Bank and, if approved, the terms and conditions contained in definitive loan documentation governing the line of credit. Proceeds from a securities-based line of credit cannot be used to purchase, carry or trade securities. A line of credit collateralized by the securities in your investment account(s) involves certain risks and may not be suitable for all borrowers. Chase Bank assigns values to these securities and, at any time and without notice to you, may increase or decrease these values or change the eligibility of these securities as collateral. A decline in the value of these securities collateralizing your securities-based line of credit (whether due to a market downturn, market volatility or otherwise) directly impacts the amount of credit available to you and may require you to provide additional collateral and/or pay down your line of credit in order to avoid the forced sale of these securities by Chase Bank. The securities in your account may be sold to meet a collateral shortfall, and Chase Bank may sell your securities without contacting you. Some or all of the securities sold to meet a collateral shortfall may be sold at prices higher than their initial cost, which may result in adverse tax consequences. You should consult your tax advisor to fully understand the tax implications associated with pledging securities in connection with a loan. Please review these and other risks in more detail with your advisor, and make sure to read your line of credit documentation carefully so that you fully understand your obligations and the risks associated with this opportunity. An exercise of remedies by Chase Bank in connection with your securities-based line of credit may a ect the performance of your investment management or investment advisory account(s), and may cause such accounts to no longer conform to applicable investment guidelines. When selling securities, Chase Bank is not required to act in accordance with any fiduciary duty Chase Bank and its a liates might otherwise have as your investment manager or investment advisor. It is important to note that Chase Bank and its a liates may earn more if you borrow against your securities and other assets rather than liquidate assets to meet your cash needs. The Secured Overnight Financing Rate (“SOFR”) is a broad measure of the cost of borrowing cash overnight collateralized by U.S. Treasury securities. The SOFR is published by the Federal Reserve Bank of New York and is determined based on certain transactions in the U.S. dollar Treasury repo market. Since the SOFR is an overnight rate, it is published every Banking Day, but is e ective for the Banking Day prior to the date of publication. Refer to your definitive loan documentation for a definition of “Banking Day.” Because the SOFR is administered by the Federal Reserve Bank of New York, the Bank has no control over its determination, calculation or publication, and the Federal Reserve Bank of New York may alter the methods of calculation, publication schedule, rate revision practices or availability of the SOFR at any time without notice. The SOFR is a floating interest rate option, and changes in the SOFR can lead to a higher or lower cost of borrowing.