In today’s rapidly changing digital landscape, businesses and consumers face a constant stream of cyberthreats – not just during peak periods like tax season, back-to-school, and holiday shopping, but all year. In fact, according to Barracuda’s 2025 Email Threats Report, 24% of email messages overall are now malicious or unwanted spam.
Common threats affecting businesses have evolved beyond phishing and now include vishing, QR code phishing (quishing), and phishing-as-a-service (PhaaS). These attacks are increasingly sophisticated, often targeting credential theft and exploiting trusted channels (like phone calls or voicemail) to bypass traditional security measures.
MSPs can protect themselves and their clients from these attacks by implementing appropriate technology and providing employee awareness training. This training helps individuals identify scams and avoid becoming victims.
AI is making it easier to perpetrate phishing, vishing, and “quishing” attacks
Phishing emails once featured poor grammar and unbelievable scenarios, which made them easy to identify. In contrast, modern criminals use artificial intellegence (AI) to craft highly convincing emails that can mislead even the most attentive recipients.
In recent years, scammers have increasingly utilized widely accessible advanced voice cloning technology to carry out vishing attacks. In these schemes, they impersonate reputable companies or professionals to extract sensitive information from unsuspecting targets. As a result, these attacks have grown notably harder to identify and prevent, posing a greater risk to individuals and businesses alike.
Spear phishing is a sophisticated cyberattack method where attackers tailor deceptive messages targeting specific individuals or organizations. They often gather personal information from social media to enhance the illusion of authenticity. For example, a spear phishing email may come from a trusted colleague or business partner, fostering a misleading sense of security. Attackers are increasingly using AI to refine their tactics by leveraging personal details to create convincing impersonations. In some cases, they incorporate deepfake audio and video to further enhance credibility. Consequently, spear phishing presents serious risks to individuals and organizations. Unaware victims may unintentionally disclose sensitive data or download malware, leading to significant financial and data security challenges.
Furthermore, the rise of “squishing” – a phishing technique in which cybercriminals use QR codes to trick victims into visiting malicious websites or downloading malware – underscores the growing sophistication of these attacks. These QR codes, often recognized and trusted by users, allow criminals to circumvent traditional security measures, potentially leading victims to unknowingly reveal sensitive information, such as login credentials and financial data.
Finally, PhaaS is rapidly evolving with threat actors exploiting trusted URL protection services and content platforms – including graphic design collaboration tools – to host malicious links, bypassing traditional defenses. Advanced social engineering tactics now leverage personalized emotional appeals, using social media data to craft highly targeted extortion and sextortion campaigns. Attackers are increasingly using ASCII-based QR codes and voicemail lures in their campaigns. To evade detection filters, they shift phishing content from email bodies to attachments or Blob URIs. These trends underscore the growing sophistication of PhaaS, demanding proactive, multi-layered security strategies to counter increasingly stealthy and personalized threats.
These types of attacks can seriously disrupt operations. Companies often must redirect resources to address the breach, investigate what happened, and rebuild any compromised systems. Additionally, they may encounter financial losses and harm to their reputation.
MSPs play an important role in fighting email scams
Managed service providers (MSPs) can protect their customers from sophisticated threats by implementing strong security measures. Continuous threat monitoring and swift incident response further enhance their ability to safeguard client systems. By collaborating with an MSP, businesses can improve their cybersecurity posture and reduce risks related to potential breaches.
Addressing sophisticated threats requires a combination of technology and, most importantly, end-user training. The following are some key strategies and tactics MSPs can leverage:
- User education: Regularly inform clients and their employees that organizations will never ask for sensitive information through unsolicited emails or phone calls. Always direct suspicious communications to the official channels for verification.
- Multi-factor authentication (MFA): Encourage clients to activate MFA across all accounts, especially those related to finances. For additional security, authenticator apps are preferable to SMS.
- Strong password practices: Promote robust password management strategies and the importance of document encryption to safeguard sensitive data.
- Regular security audits: Conduct consistent security assessments and offer cybersecurity awareness training. Phishing simulations can effectively pinpoint organizational vulnerabilities and identify staff needing extra training.
- Social media vigilance: Advise executives and key personnel to tighten privacy settings on social media to limit the exposure of information that could be exploited in targeted attacks.
- AI and machine learning: Leverage cutting-edge AI and machine learning tools to detect anomalous email activity or behavior, allowing quicker and more accurate responses than traditional methods.
- Staying informed: Encourage ongoing research and awareness of emerging email threats and scam techniques. The IRS and other organizations frequently update their resources on avoiding scams and can serve as valuable references.
As cyberthreats continue to evolve, MSPs must remain vigilant and proactive in their approach to protecting clients. MSPs can mitigate the risks of year-round cyber scams by employing advanced security strategies. By also fostering awareness, they help strengthen their clients’ defenses against evolving threats.
This article was originally published at Managed Services Journal.
Photo: Yuri A / Shutterstock
This post originally appeared on Smarter MSP.