As you probably know, phishing scams are on the increase. There are so many of them now. Cyberspace is an awesome frontier, but just as in those old Western movies, attacks can come from any horizon. Most are ambushes. In this article, we will talk about how phishing scams can affect both individuals and businesses and how to avoid falling for phishing scams.
What is a Phishing Scam?
These scams are attempts to get information such as account numbers and passwords. That information is then most commonly used to steal money or accomplish identity theft.
What are the Signs of Phishing?
If you are wondering what phishing looks like, check out the signs below
- They often make an error in either grammar or spelling.
- The URL for a website is strange.
- The attachment is suspicious.
- The greeting is, well, strange. Such as “Hello, dear.”
- A sense of desperate urgency is conveyed.
- There’s a request for details about accounts.
How do Phishing Scams Work?
There are thousands of attempts by attackers every day. The attackers most often masquerade as a trusted source.
For example, business people use common delivery services such as FedEx and UPS. They may order via Amazon. They use credit cards to complete the orders. Since we are regular customers, we trust these entities. And scammers know this, and use it to their advantage.
Let us consider this scenario.
The owner of a small business is getting increasingly irate. Time-sensitive materials were ordered, but haven’t yet been delivered. If the materials don’t arrive soon, production will stop for the remainder of the day. The small business owner sees an email from the delivery service stating that there’s a problem with payment. The owner opens the email and fills in the requested information, which includes his credit card number.
Aside this scenario, there are many more methods of Phishing attacks.
Examples of Phishing Scams
Email Phishing Scams
These are common because it can be easy to get email address information. We commonly enter our email address as contact information with many companies. That’s why email phishing is the most common attack launched by scammers.
Whaling and Spear Phishing Attacks
Just as it sounds, these are attacks by cyber criminals on the “big fish” such as companies and/or a company CEO. The attackers for these phishing campaigns has a higher level of sophistication. In law enforcement, those who break the law are called actors.
Most often, the victims fall prey to personalized phishing emails that looks like they came from within the company – from a fellow employee or from the boss. The phishing emails may seem very believable, with a subject line that is appropriate to some ongoing company business.
More Common Phishing Techniques
Basic email scams and spear phishing attacks may be the main types of phishing, but there are plenty of other phishing techniques you should be keeping an eye out for.
Business Email Compromise Scams or CEO Fraud
Once you know how this works, you can take steps to prevent it. This fraud may be the worst of all, because it can take down an organization. First, the sneak attack begins as the infiltrator researches the CEO or manager. Next, typically, a specific employee is contacted, usually through emails. A fraudulent request is made and research shows – the request comes when the CEO or manager is out of the office.
How do they know this? Scammers are smart, wickedly smart. Part of their research may show that the CEO will be attending a certain sales meeting or convention, as announced on the company site. They may choose an employee from the same data source – a new hire is announced.
Smishing Attacks or Fraudulent Text Messages
The name Smishing comes from combing SMS and Phishing. And that’s just what it is. It is scam phishing via text message. Recipients will see the same types of phishing messages that are used with email, such as “problem with delivery” or “credit card has been compromised.” There are mobile applications (apps) that effectively block spam text messages.
Malware Phishing
This type of message has viruses, worms, spyware or other malware imbedded within it. Open the message – whether it’s delivered via email or text message- and the recipients quickly turn into victims.
Search Engine Phishing
If you’re surfing the web – shopping for supplies or information – you are vulnerable every time you click on a link. You can inadvertently click on scam phishing websites. These scam web sites may be imbedded as a submenu.
The website and/or the submenu look legitimate, in fact, scammers can make the sites look as if they are the actual company. They use Getty images of logos to make the link look real.
Here’s how to defeat this. Before clicking on any link, look at the URL address for the link. Although a site can look real, you can’t fake the URL. The URL link for a fake website will often be a jumble of letters and numbers.
DNS Service Phishing
This scam is Domain Name Server hacking. This is another sophisticated attack, and the scammer can infiltrate via domain names, and actually take over routers. If that’s accomplished, the door is open wide to obtain all kinds of data, including passwords, account information, phone numbers and other information. If you think this has happened, immediately call your internet service provider, and your bank and credit card company.
Pharming
Pharming is insidious. A hacker slips a malicious code into your computer. This code directs you to a link for fake sites.
Social Media Phishing
This phishing scam takes the form of spying. It’s as if someone was looking over your shoulder. A hacker infiltrates, and records what keystrokes you are making. This is called Keylogging. It can be recording data you enter, such as the letters, numbers and symbols for a password.
Malvertising
This is also called Clickjacking. Malware is included in online ads and all internet users are susceptible when they click on a link. Malvertising is a particularly successful cyber attack, because well, we can’t resist a good deal.
Man-In-The-Middle-Attack
Pure evil, and feared by companies. Emails are intercepted by hackers, and “altered” before they are continue the recipients. Pictures emails being batted back and forth between two employees, while a crocodile periodically launches from the water, grabs the email, maims it, and sends it on its way.
Clone Phishing
Similar to Man-In-The-Middle. Messages between people are intercepted. There’s a difference though. Often, a new message is created and the new message refers to information in a previous email.
Vishing
These are phishing attempts you receive via phone calls, voice mail and/or VOIP calls. Same drill – sound like messages from credit card companies or even a bank. Don’t fall for it. But, could it be real? Call the organization directly.
Phishing Attack Examples
Below are some examples of phishing attacks
- We want to notify you of some suspicious activity on your credit card account.
- We want to notify you of some problems with your bank accounts.
- Please confirm your account information for our website.
- Here’s a coupon for free samples. Just visit our website.
- You are eligible for a refund.
How To Prevent Your Business Falling Victim to Phishing Attacks
Below are some tips on how to avoid falling for phishing scams
- Use email signing certificates.
- Use top notch computer security software and update it regularly.
- Conduct training for employees.
- Require multifactor identification (more than 2 credentials).
- Back up data.
If you like this article on “How to Avoid Falling for Phishing Scams”, share it with your friends and family. Also, subscribe to our newsletter and YouTube Channel to ensure you don’t miss any update from us. Finally, don’t forget to join our community to connect with others. Lastly, you can also follow us on our social media pages – Twitter, Facebook, Instagram and LinkedIn.