Phishing scams … There are so many. Cyberspace is an awesome frontier, but just as in those old Western movies, attacks can come from any horizon. Most are ambushes.
I have two phishing emails in my junk mail now. One is from Donna, and hey, I do have a friend named Donna. However, my friend Donna wouldn’t say as a subject line, “Hey do we meet before.” The other is from a cell phone company I don’t use, asking me to claim my $50 refund.
Let’s talk about the types of Phishing scams, how they can affect both individuals and businesses, and steps you can take to prevent them.
What is a Phishing Scam?
In short, these scams are attempts to get information such as account numbers and passwords. That information is then most commonly used to steal money or accomplish identity theft.
How do Phishing Scams Work?
There are thousands of attempts by attackers every day. The attackers most often masquerade as a trusted source.
For example, business people use common delivery services such as FedEx and UPS. They may order via Amazon. They use credit cards to complete the orders. Since we are regular customers, we trust these entities. And scammers know this, and use it to their advantage.
Let’s make up a scenario. The owner of a small business is getting increasingly irate. Time-sensitive materials were ordered, but haven’t yet been delivered. If the materials don’t arrive soon, production will stop for the remainder of the day.
Aha! The small business owner sees an email from the delivery service stating that there’s a problem with payment. The owner opens the email and fills in the requested information, which includes his credit card number.
Gotcha. Just like that. Caught in a vulnerable moment. The phishing email has worked.
There are many more methods of Phishing attacks:
Email Phishing Scams
These are common because it can be easy to get email address information. We commonly enter our email address as contact information with many companies. That’s why email phishing is the most common attack launched by scammers.
We can accept that it’s relatively easy for hackers to get our email address information. Most of the time, it’s easy to identify a scam message.
Here is a sample phishing email: There’s a problem with your account, and you must confirm information.
Here is how to respond: There could actually be a problem with an account. Don’t respond to the email. Make a phone call directly to the account.
Whaling and Spear Phishing Attacks
Just as it sounds, these are attacks by cyber criminals on the “big fish” such as companies and/or a company CEO.
The attackers for these phishing campaigns has a higher level of sophistication. In law enforcement, those who break the law are called actors.
There are levels of skill to these criminal actors. Whaling and Spear Phishing are extremely well-planned with a high degree of organization. They aren’t just trying to get one person – bad enough. They are trying to take down a business.
Most often, the victims fall prey to personalized phishing emails that looks like they came from within the company – from a fellow employee or from the boss. The phishing emails may seem very believable, with a subject line that is appropriate to some ongoing company business.
More Common Phishing Techniques
Basic email scams and spear phishing attacks may be the main types of phishing, but there are plenty of other phishing techniques you should be keeping an eye out for.
Business Email Compromise Scams or CEO Fraud
Once you know how this works, you can take steps to prevent it. This fraud may be the worst of all, because it can take down an organization.
First, the sneak attack begins as the infiltrator researches the CEO or manager. Next, typically, a specific employee is contacted, usually through emails. A fraudulent request is made and research shows – the request comes when the CEO or manager is out of the office.
How do they know this? Scammers are smart, wickedly smart. Part of their research may show that the CEO will be attending a certain sales meeting or convention, as announced on the company site. They may choose an employee from the same data source – a new hire is announced.
Smishing Attacks or Fraudulent Text Messages
The name Smishing comes from combing SMS and Phishing. And that’s just what it is. It’s scam phishing via text message. Recipients will see the same types of phishing messages that are used with email, such as “problem with delivery” or “credit card has been compromised.” There are mobile applications (apps) that effectively block spam text messages.
This type of message has viruses, worms, spyware or other malware imbedded within it. Open the message – whether it’s delivered via email or text message- and the recipients quickly turn into victims.
Search Engine Phishing
If you’re surfing the web – shopping for supplies or information – you are vulnerable every time you click on a link. You can inadvertently click on scam phishing websites. These scam web sites may be imbedded as a submenu.
The website and/or the submenu look legitimate, in fact, scammers can make the sites look as if they are the actual company. They use getty images of logos to make the link look real.
Here’s how to defeat this. Before clicking on any link, look at the URL address for the link. Although a site can look real, you can’t fake the URL. The URL link for a fake website will often be a jumble of letters and numbers.
DNS Service Phishing
This scam is Domain Name Server hacking. This is another sophisticated attack, and the scammer can infiltrate via domain names, and actually take over routers. If that’s accomplished, the door is open wide to obtain all kinds of data, including passwords, account information, phone numbers and other information. If you think this has happened, immediately call your internet service provider, and your bank and credit card company.
Pharming is insidious. A hacker slips a malicious code into your computer. This code directs you to a link for fake sites.
Social Media Phishing
This phishing scam takes the form of spying. It’s as if someone was looking over your shoulder. A hacker infiltrates, and records what keystrokes you are making.
This is called Keylogging. It can be recording data you enter, such as the letters, numbers and symbols for a password.
This is also called Clickjacking. Malware is included in online ads and all internet users are suseptible when they click on a link. Malvertising is a particularly successful cyber attack, because well, we can’t resist a good deal.
Pure evil, and feared by companies. Emails are intercepted by hackers, and “altered” before they are continue the recipients. Pictures emails being batted back and forth between two employees, while a crocodile periodically launches from the water, grabs the email, maims it, and sends it on its way.
Similar to Man-In-The-Middle. Messages between people are intercepted. There’s a difference though. Often, a new message is created and the new message refers to information in a previous email.
These are phishing attempts delivered via phone calls, voice mail and/or VOIP calls. Same drill – sound like messages from credit card companies or even a bank. Don’t fall for it. But, could it be real? Call the organization directly.
Phishing Attack Examples
- We want to notify you of some suspicious activity on your credit card account.
- We want to notify you of some problems with your bank accounts.
- Please confirm your account information for our website.
- Here’s a coupon for free samples. Just visit our website.
- You are eligible for a refund.
Those are some examples of typical phishing attack examples. As a response to each one, make a phone call.
What are the Signs of Phishing?
- They often make an error in either grammar or spelling.
- The URL for a website is strange.
- The attachment is suspicious.
- The greeting is, well, strange. Such as “Hello, dear.”
- A sense of desperate urgency is conveyed.
- There’s a request for details about accounts.
Reporting Suspected Phishing
Yes, you’re busy and phishing is so rampant. And when you look at the phishing statistics it can be overwhelming and it’s tough to keep up with any kind of response. But if all phishing isn’t reported, it’ll never diminish and preventing hacking attacks is everyone’s responsibility. Because each report gives authorities more information how to stop the attacks.
Forward emails to firstname.lastname@example.org. Forward texts to SPAM (7726).
How To Prevent Your Business Falling Victim to Phishing Attacks
- Use email signing certificates.
- Use top notch computer security software and update it regularly.
- Conduct training for employees.
- Require multifactor identification (more than 2 credentials).
- Back up data.
What Are Phishing Kits?
As phishing is like fishing, a phishing kit is like a tackle box. It’s a collection of software tools assembled by a scammer. If one doesn’t work, the scammer will have other lures to choose from.
What are current phishing scams?
Wow, it’s cool to have hundreds of FB friends. But a current scam is via the seemingly-innocuous friend request. Your new BFF now trolls your page to glean as much personal information as possible.
This information can be parlayed into use with the Business Email Compromise or CEO fraud scams. Keep a careful watch and rein on what you reveal on your FB page or any public site, such as a group.
How to spot and thwart a phishing email
- Watch for errors in grammar and misspellings.
- If in doubt, contact the “source” directly. Don’t respond to the email.
- Remember that reputable companies don’t ask for personal information by email (or text).
- Don’t open attachments.
- If the email is work related, contact IT.
How does someone steal your credit card numbers and use them?
Here are some of the ways:
- Phishers call or text and ask for info. Always remember that reputable companies don’t call you and ask for personal info. Don’t give out credit card info over the phone unless you have initiated the call.
- Phishers use fake sites. If you’re online shopping or ordering, look for the “https” heading for the URL, and the “lock” symbol on the site.
What are the two types of phishing attack methods?
Email phishing is the most common form of phishing attack. Spear phishing is the same, but different, because the victim is used to spear a bigger fish. Here’s how.
The phishing email is typically an attack on an individual, to get data from that person. Spear fishing may attack an individual, but the aim is to use that individual to get to the bigger “fish” such as an entire business.