Evolving Phishing Scams – Questions and Answers
All types of cybercrime continue to evolve and adapt to overcome the improvements made in cybersecurity technologies and practices. Have you kept up with phishing scams? Do you know how to protect against them?
How Has Phishing Evolved (And How Can You Protect Against It)?
Just as how your firewall and antivirus need to stay updated to protect you against malware, you need to stay up to date on phishing and cybercrime methods to protect yourself.
Did you know that phishing costs businesses (ones like yours) $1.6 million?
Do you have that kind of money to spend on phishing?
Probably not – but let’s back up…
What Is Phishing And How Does It Work?
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Virtually anyone on the internet has seen a phishing attack.
Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment.
With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.
Did You Know That Phishing Tactics Are Evolving?
The entire landscape of cybercrime is changing.
It used to be mostly young guys sitting in their parent’s basement, trying to find clever ways to pass the time. Unfortunately, this crime has become so successful that the governments of countries are now involved.
A vast majority of ransomware scandals originate in Russia. The government employs hundreds of hackers. They have teams of IT experts who work around the clock to create new and more effective hacking scams.
When hackers are backed by a government like China, they have practically unlimited resources. This makes them even harder to stop.
If they were merely individuals committing crimes for personal gain, your St. George IT company could more easily protect you, and the authorities could track them down and put them in jail.
But today’s cybercriminals are well-organized agencies that are part of a large foreign government, so stopping them is almost impossible.
What Are Some Of The New Types Of Phishing Scams?
- “Sextortion”
Have you ever sent nude pics to someone?Even if you haven’t, they sometimes claim that they’ve got some from your webcam or they’ve buried pornography on your computer that they plan to expose to the authorities if you don’t pay them.
If you own a business, then this can be a crime that pays well for thieves. They send the business owner a little sample of the erotic photos, then demand money or else they’ll publish them on the Internet.
The problem with this crime is that there’s no guarantee you’ll get all copies of the photos back. You may pay the criminals and still not be sure.
- Gift Cards
This scam is highly successful because typically the thieves don’t ask for very much money.Many victims will go ahead and pay even if they suspect that it’s a trick, just because there are only a few hundred dollars at stake. You may get a phone call from someone saying they’re from a creditor or the IRS. They will speak in hostile threatening tones. They’ll claim that if you don’t pay up immediately, terrible things will happen—maybe your car will be repossessed.
Next, they instruct you to go to a local store like Walmart and buy gift cards in the amount you owe. Once you buy them, you call the thief back and give them the numbers found on the back of the cards. Once they have these, they can use them online to make purchases.
- Wire Fraud Scam
Hackers are targeting the human resource functions of businesses of all types with phishing. They’re convincing employees to swap out direct deposit banking information to offshore accounts.A nonprofit in Kansas City (KVC Health Systems) said that there were numerous attempts each month involving scammers who were trying to convince their payroll personnel to change information about where to send employee pay. The IRS recently released a warning about an uptick in a wide range of fraud attempts involving payroll information.
So how can you protect against these types of scams?
Top 6 Ways To Spot A Phishing Email
Share these key tips with your employees to ensure they know how to spot a phishing attempt:
- Incorrect Domain: Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big-name company – but talk is cheap. It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are closer, but not 100% correct. If it seems fishy, it probably is.
- Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
- Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
- Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack.
- Urgent and Threatening: If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
- Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.
In the end, the key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place by your St. George IT company.
Making security education a routine for your entire team – management included – is the most effective way to stop a phishing attempt. Waiting for another major cyberattack to start making the rounds is not the time to start investing in your staff’s cybersecurity awareness. Get a second opinion from your St. George IT company to get started on cybersecurity training.
Like this article? Check out the following blogs on cybersecurity to learn more:
AI-Based Cybersecurity (Questions/Answers)