Since the outbreak of COVID-19, there has been a universal trend of an increase in cyber-attacks as more people take their presence online for work and to connect with loved ones. As businesses transition to remote work and operations, cyber security and best practices are easily overlooked; creating the perfect opportunity for scammers to strike.
The name of a phisher’s game is to deploy a sneaky little trick on you and see if you will take the bait—also known as a Phishing Scam.
Let’s start off by defining what a phishing scam is. Phishing is a type of cybercrime that targets individuals and sends them an email disguised and spoofed to look like it came from a legitimate source in hopes that you will provide them with sensitive information such as your login credentials. Hackers will tempt you to download attachments or go to malicious links that will grant them entry to your data and steal your valuable information.
Another common form of phishing attacks is a BEC attack, or Business Email Compromise attack. This is when a cybercriminal successfully hacks an individual’s email and is now impersonating that individual by sending seemingly authentic emails to trick you into relaying valuable information or carrying out a business transaction, such as buying gift cards.
These phishing scams are popping up at an alarming rate with each passing day—the FBI reported that phishing scams were the most common type of cybercrime in 2020, nearly doubling in frequency from the previous year. 75% of enterprises worldwide experienced a phishing attack in 2020, and another 65% encountered BEC attacks. Both scams are dangerous and could be detrimental to your livelihood or that of your business if successful.
Phishing Scam Email Tips
Our expert IT technicians are here to lend a helping hand with a few handy tips to help you spot a phishing scam email:
Take note of who the email is from. Look at the sender’s email address—most of the time, hackers will make a subtle change to the email address by adding an additional letter to disguise their invalid email. So, if a hacker decided to disguise themselves as your supervisor, Jill Smith, they might add a third L to Jill in the email address making it all too easy for someone to overlook on a day-to-day basis.
Keep a wary eye out for attachments. Cyber criminals often send attachments to entice you to open and download spyware, ransomware, or a virus to your device. Make sure you are certain that the sender is someone you know, and the email address is legitimate before opening any attachments.
Look before clicking on any links! It is important to get into the habit of hovering your cursor over the link to inspect where the link is going to take you. Scammers are professional criminals; disguising a link to look like a genuine website is second nature to them. By briefly holding your cursor over the link, you will see the true URL of where the link will take you to—please, DO NOT CLICK! If the URL does not match and you are experiencing a sense of doubt, do yourself a favor and avoid clicking on the link. To be completely safe, opt for a simple Google search which will take you directly to the authentic source.
Read the message clearly and read between the lines. This is especially important if you think you might be facing a BEC attack. If the email address is identical to someone you know, you are not in the clear yet. It is extremely common for a cyber criminal to ask for gift card purchases rather than a set of login credentials because it equates to fast money. If a co-worker or a supervisor asks you to purchase gift cards for the office and request that you send them the information located on the card, just know that this is a textbook scam attempt.
Other signs in the message that point to a cyber-attack are:
Generic greetings
Spelling errors
A sense of urgency
A call to action
If there is any seed of doubt, ask yourself: Am I expecting something from this person? Is what they are asking of me out of character for them?
If You Think a Phishing Scam Has Been Deployed On You:
Inform your supervisor and IT department immediately
NEVER respond to the suspected email—by responding to the email, you are informing the cyber criminal that your email address is active and being monitored
And if you are caught in a ransomware attack, NEVER EVER pay the ransom! There is no guarantee that the cyber criminal will decrypt your files after payment.
Keep an eye on Dark Web status (this will alert you if your name and any other personal information has been detected on the Dark Web)
As we’ve witnessed with the recent cyber-attacks on FireEye and Colonial Pipeline, cyber criminals are working harder than ever to deploy attacks that are more sophisticated than the last. Protecting your devices and your network is critical to safeguarding your data and your livelihood—so in addition to your Anti-Virus, firewalls, and other zero trust applications, make sure you carry out the best practices shared by our IT experts so you don’t take the bait when scammers go phishing.
For more information to protect your network, see our article on Zero Trusthere. Contact Us at 561-969-1616 to get a free cyber security assessment for your business or fill out the form on the top left above!
Chuck Poole, CISSP CEO of PalmTech Computer Solutions
Works Cited: Rosenthal, Maddie. “Phishing Statistics (Updated 2021): 50+ Important Phishing Stats.” Tessian, 12 May 2021, www.tessian.com/blog/phishing-statistics-2020/.
About the Author: Chuck Poole, CISSP, CEO of PalmTech Computer Solutions
More than 40 years ago, Chuck Poole set his eyes on one of the first "Personal Computers" commercially available and it was love at first sight. He was so enamored with computers that some people worried he might never do anything else - and they were absolutely right. Learn More.
Be sure to check out my other articles on our blog here:
You must be logged in to post a comment.