With phishing on the rise, experts are warning businesses to be more careful. Cybercriminals are constantly fine-tuning and adding to their phishing tactics. Do you know what the biggest new phishing scams are? How can you protect your organization from phishing scams? We’ll tell you here.
Phishing is a term that was adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something yummy for dinner.
This is essentially how cyber phishing works. Cyber thieves create an interesting email. It might say that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey. Easy enough, right?
Once you click the link, a virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Ransomware encrypts all of your files until you pay a ransom. Even then, there’s no guarantee you’ll get your data restored. Malware is all about stealing credentials, passwords, and other valuable information from your company. Sometimes it’s just about destroying your data.
The best defense is always a good offense, and the same goes when it comes to phishing. To be proactive and stay one step ahead of the criminals, you and your employees must be educated about the different kinds of cyber threats, how to recognize them, and what to do to block them. Below are 3 of the main types of phishing:
1. Phishing websites lure your email recipients and Web users into thinking that a spoofed website is legitimate. The criminal’s goal is to acquire private, confidential data like credit card numbers, personal information, account usernames, and passwords. The victim eventually discovers that his personal identity and other vital information were stolen and exposed. By this time, the hacker is long gone.
2. Spear Phishing is a variation on phishing where criminals send emails to groups of people with common identifiers. A spear phishing email looks as if it’s from a trusted source, but in reality, it’s a hacker trying to obtain classified information. The email may pretend to be from the president of the company, CEO, CFO, or even from a large financial institution. This is a form of CEO Fraud.
3. CEO Fraud (or what the FBI terms BEC – Business Email Compromise) is where criminals spoof company email accounts and impersonate executives to try to fool an employee into performing unauthorized wire transfers.
Each day, hackers are able to trick people into clicking on bad links. Sometimes hackers are looking for a quick buck by stealing your credit card information. Other times, they’re looking for personal information they can sell to other criminals on the Dark Web. Any cyber attack can cripple your company and cost it thousands of dollars to fix.
The entire landscape of cybercrime is changing. According to the Department of Homeland Security, early forms of phishing emails (i.e., general phishing) didn’t target specific individuals. Some of these phishing emails are still prevalent today and contain the hallmarks of poor grammar, spelling, and “too good to be true” claims.
Today, phishing emails may appear to originate from a well-known company, agency, university, or individual. Spear-phishing messages are particularly convincing when they contain “insider information” relevant to the targeted organization or individual. And they have been made more effective through the use of stolen vendor credentials.
And now we have whaling, which is a targeted phishing attack aimed at wealthy, powerful, or prominent individuals (e.g., C-suite executives such as chief financial officers and chief executive officers, politicians, and celebrities).
Unfortunately, much of this crime has become so successful that the governments of countries are now involved. Many ransomware scandals originate in Russia, China, Iran and North Korea. They have teams of IT experts who work to create new and more effective hacking scams.
It’s essential for you to stay up to date on the latest phishing scams. Below are some of the newest ones:
Gift Cards: This scam is highly successful because typically the thieves don’t ask for very much money. Many victims will go ahead and pay even if they suspect that it’s a trick, just because there are only a few hundred dollars at stake.
You may get a phone call from someone saying they’re from a creditor or the IRS. They will speak in hostile, threatening tones. They’ll claim that if you don’t pay up immediately, terrible things will happen; that perhaps your car will be repossessed.
Next, they instruct you to go to a local store like Walmart and buy gift cards in the amount you owe. Once you buy them, you call the thief back and give them the numbers found on the back of the cards. Once they have these, they can use them online to make purchases.
Sextortion: This can be a crime that pays well for thieves. They send the user a little sample of erotic photos; then they demand money or they say that they’ll publish them on the Internet.
Most of these sextortion scams aren’t legitimate. In many cases, the phishing emails claim to have photos of the victim, when in fact they don’t. They claim to have recorded them watching pornography, capturing the images/video on screen using their PC’s webcam. They say that they have the victim’s passwords and will send these recordings to their entire contact list, when in fact they don’t.
Phishing/Ransomware: Phishing crimes have become so successful that now there are variants like spear-phishing, vishing, and smishing. These are all forms of the same ruse. A hacker will send you a very convincing email. It may say something like, “Congratulations! You’ve just won $100 from Amazon. Click on the link below to claim your prize.”
Wire Fraud Scam: Hackers are targeting the human resource functions of businesses of all types with phishing. They’re convincing employees to swap out direct deposit banking information to offshore accounts.
A nonprofit in Kansas City (KVC Health Systems) said that there were numerous attempts each month involving scammers who were trying to convince their payroll personnel to change information about where to send employee pay.
The IRS has released a warning about an uptick in a wide range of fraud attempts involving payroll information.
As a business owner, you’ve spent years building a great company. Now some lazy hacker is trying to steal everything you’ve worked for. The first thing you need is knowledge. It’s important to stay current with the latest scams, and you need to know how cyber attacks occur.
These are things you can do to prevent phishing from harming your business: