Six Phishing Scams that Can Hobble Your Business
The term “phishing” refers to a type of cybercrime that involves the use of emails or other electronic communication to trick the recipient into divulging sensitive information, clicking on harmful links, or opening malicious attachments.
Although email is the most frequently used delivery method for such attacks, cybercriminals may also utilize text messages, direct messages on social media, fake websites, voicemails, or even make actual phone calls to the target.
Types of Phishing Scams
Phishing is a commonly utilized tactic in many large-scale cyberattacks. In fact, according to APWG’s Phishing Activity Trends Report for Q3 2022, phishing attacks hit an all-time high in 2022. With more than 1,270,000 attacks recorded in Q3 alone, this was the worst quarter on record. What makes phishing so frustrating is that most of us know what it is and how it works, but we still get caught. Common phishing scams include:
1. Deceptive phishing—Deceptive involves a cybercriminal posing as a trusted sender to acquire sensitive information and login credentials from the victim. These emails typically request the recipient to confirm account details, update a password, or initiate a payment, all designed to deceive the target.
2. Spear phishing—A spear-phishing scheme targets specific individuals or businesses and employs tailored information to persuade victims to disclose their data. In such cases, cybercriminals study a victim's online habits - such as their shopping behavior or social media activity - to gather personal information that makes their approach seem authentic.
3. Whaling—Whaling aims to trick high-profile targets such as C-level executives into revealing sensitive information, including payroll data or intellectual property. Ironically, many executives claim to be “too busy” to attend security awareness trainings, making them vulnerable to these scams.
4. Vishing—Vishing, or "voice phishing," consists of a criminal calling a target's phone to elicit personal or financial information. These scammers frequently masquerade as trusted entities, such as banks or law enforcement, and use urgency or fear tactics to deceive victims into surrendering sensitive information.
5. Smishing—Smishing refers to "SMS phishing" and embeds malicious links into SMS text messages. The messages used in this type of phishing attempt may appear to originate from reputable sources and entice victims with promises of coupons, gift cards, or opportunities to win prizes.
6. Pharming—Pharming is a sophisticated method of phishing that installs a malicious program onto the victim’s computer to redirect traffic to the criminal’s website. Once users input their login credentials or personal information on the fraudulent site, the perpetrator now has access to this data.
How to Protect Against Phishing Scams
As phishing scams proliferate, business leaders and employees must remain vigilant about cybersecurity. No single cybersecurity solution can prevent all phishing attacks. However, the following actions can reduce their frequency and severity:
Stay informed about phishing techniques. IT administrators should keep abreast of new phishing scams and train employees to watch for them. Mock phishing exercises can help prepare employees for real attempts.
Examine a message before clicking. Phishing scams often contain URLs that are slightly inaccurate, so check the sender’s web address before clicking on the website. A secure website always starts with "https" rather than simply “http.” If uncertain, it’s best to type the destination in a web browser rather than clicking on a potentially dangerous link. In addition, phishing scams will tug upon heartstrings and play upon the recipient’s fears, so messages that are designed to incite such emotions should be treated with suspicion.
Keep computer systems up to date. When software developers discover a vulnerability, they will release a patch as soon thereafter as possible. It’s critical to deploy these patches in a timely fashion. Cybercriminals inevitably discover these vulnerabilities and find ways to exploit them. This applies to browser updates as well.
Never give out personal information. As a rule, you should never share personal or financially sensitive information in response to an unsolicited message. When in doubt, go to the company's website directly, or call to see if the request is legitimate.
Use antivirus software. Implement antivirus software on all workstations to detect and prevent phishing attacks.
Back up data regularly. Since phishing attacks often leave behind malware, including ransomware, companies should back up their data at a regular cadence, so attacks don't hinder the organization's productivity.
Phishing scams are becoming more sophisticated and the consequences of them can be severe. By taking the proper precautions, organizations can safeguard their data, as well as their financial well-being and reputation.
For more information, visit Alliant Cyber
News & Resources
Silicon Valley Bank (SVB) - Rebuilding Confidence in the Banking Industry
Ron Borys and Ryan Farnsworth are joined by guests, Steve Shappell and David Finz, to continue the discussion around the turmoil which has hit the banking industry over the past two weeks.
Alliant Insurance Services to Launch Cyber P&C Specialty at RISKWORLD® Booth #2433
Alliant Cyber combines industry-leading consultative cyber risk and advisory services, risk quantification and third-party cyber security solutions with a cloud-based technology platform to deliver “Cyber Insurability 2.0,” an innovative new approach to cyber risk management.