Phishing Has Evolved
Phishing – and cybercrime – never stop evolving. Just this year, a new variation of phishing was discovered, in which cybercriminals embed malware in emails and disguise it as a voicemail recording.
This is just the latest in a long line of ever-changing and consistently effective cybercrime weapons, all of which begs the question:
How does this keep happening?
Because very few businesses are learning how these breaches happen and what they should be doing to prevent it from happening to them. The fact is that cybercriminals can keep relying on the same old tactics to penetrate business’ systems because they keep working.
That’s why every time a breach like this occurs, it is vitally important that you find out how it happened and determine whether a similar vulnerability exists in your organization.
Let’s start at the very beginning…
What Is Phishing?
Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment.
How Has Phishing Evolved?
- Sextortion
Sending “risqué” photos to a consenting party isn’t a crime, and it shouldn’t face any consequences – but if the wrong person gets their hands on those photos, you might.If in the process of hacking you or a loved one’s data a hacker comes across private photos, they could hold them against you for a ransom. By threatening to post these lewd photos online, they pressure you into paying up.
- Vishing
“Vishing” is one of the latest variants of phishing being tracked by cybersecurity professionals. Instead of attaching malware to an email and disguising it as say a PDF, cybercriminals specifically disguise it as an audio file and make it so the email appears to be from an automated voicemail service.These legitimate services are more and more common in the business world today. When a user receives a voicemail, they also get an accompanying email with a recording of the message for them to review without having to access their voicemail inbox.
Regardless of how vishing works, it’s based on the same principle as all other types of phishing – it assumes the user will believe that the email is legitimate, and will download the attachment.
- Gift Cards
Say you get a phone call from someone saying they’re from a creditor or the IRS. They will speak in hostile threatening tones, and they claim that if you don’t pay up immediately, terrible things will happen.However, instead of asking for money, they instruct you to go to a local store like Walmart and buy gift cards in the amount you owe. Once you buy them, you call the thief back and give them the numbers found on the back of the cards. Once they have these, they can use them online to make purchases.
This scam is often successful because it doesn’t require a massive payout, and it can’t be tracked through a transfer of funds.
That’s why you and your staff need to know how to identify a phishing email before you make a critical error…
3 Signs That It’s A Phishing Email
Share these tips with your employees to ensure they know how to spot a phishing attempt:
- It’s Poorly Written
Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes. - It’s Too Vague
Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack. - It’s An “Emergency”
If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
At the end of the day, there is no perfect technological solution that will save you from phishing. It all comes down to you (and the other users at your business), and how capable you are at spotting a scam when it comes into your inbox.
Like this article? Check out the following blogs to learn more:
How Are Face and Touch Recognition Changing iCloud Access?