Phishing Emails Are No Longer Cheesy
The beneficiary of a million-dollar insurance policy or trust. The winner of a lottery. The well-known ‘419’ email scam where a “wealthy” Nigerian “prince” reaches out to you for help accessing an unanticipated financial gain. These are some of the best-known examples of a scam known as phishing, where a malicious actor sends emails in an attempt to profit financially from unsuspecting recipients.
The end goal of these scams was to extract sensitive data of unsuspecting individuals, including social security numbers and banking details. These are just a few of the many peculiar scenarios promised by phishing emails of the early days. It is believed that the first recorded instance of phishing happened in the mid-1990s, involving the AOL dial-up internet service.
Unwelcome emails requested Personally Identifiable Information (PII), credit card numbers, checking account information, and passwords from account holders. When AOL started to address phishing attempts by fraudsters in the mid to late 1990s, malicious actors began to create various email accounts via other providers.
After creating generic email accounts, the malicious actors sent emails that looked like they had been sent by well-known organizations, including FedEx, UPS, PayPal, and Amazon. The end goal was to obtain financial information, social security numbers, usernames, and passwords before committing financial fraud in the unsuspecting victim’s name.
Phishing Attacks Have Become a Long and ‘Phishous’ Cycle
Unfortunately, phishing attacks have increased exponentially in volume, and are considered a serious threat to businesses and individual internet users. Phishing attacks can result in damaging financial losses. Phishing emails can also be more difficult to recognize than many internet users think. Malicious actors have turned to more sophisticated phishing strategies to get recipients to open, click, and share information. For malicious actors, these sophisticated strategies are paying off. Business email compromise (BEC) scams are more successful than they have ever been, costing businesses more than $2 billion in 2020.
Most phishing emails appear very legitimate, generally by imitating a well-known business’s logo and contact information. For this reason, it is not uncommon for recipients to believe the emails are legitimate, and even large companies have fallen victim to phishing scams. While interest and curiosity got the better of some victims, others never fell victim to phishing scams. So malicious actors responded by impersonating trusted businesses and organizations.
An email that appears to come from Wells Fargo or another bank, alerting you that your bank account will be closed or that you need to reset your password, is a common example of fraudsters impersonating an email sender you trust. The cybercriminals entice victims into clicking a link that appears to lead to the actual website, but instead, users are led to a fake copy of that website that is designed to steal confidential information from the user.
Phishing attacks have been further enhanced by attaching ransomware and malware-filled files to the emails. What makes phishing attacks particularly dangerous is that attackers spoof file extensions. For example, you would probably never open a “Program.exe” even if it was attached in an email from a known sender because executables can be menacing. On the other hand, you would probably open “October Invoice 2021.pdf” because it does not appear to be dangerous.
Unfortunately, these are all a part of this long and ‘phishous’ cycle of phishing attacks.
Common Phishing Trends and Techniques Impacting Colorado Businesses
There are many strategies and techniques malicious actors use to carry out a phishing attack. Some of the more common techniques are:
- Compromised-account alerts that lead users to believe that suspicious activity has been found on one of their accounts. The email requests that users reset their passwords or submit their personal information.
- An email from a trusted vendor claims you need to update your payment information before the products you ordered will be delivered. If you have not recently purchased anything from the vendor, you should always be suspicious.
- An email containing a hyperlink that requests users to download a malicious file. Never click any links in your email unless you are positive you know the sender and requested the information you have been sent.
- Invoice emails that claim an outstanding invoice needs to be paid. The email requests that the recipient click a link to pay the invoice. However, when the unsuspecting user clicks the link and accesses the website, the malicious actors will gain access to sensitive information.
How Can Your Colorado Business Spot a Phishing Email?
Phishing emails are no longer cheesy and obvious scams. Today, malicious actors will typically impersonate sources you are familiar with, but they can be easy to detect if you know what to look for. Your employees should be aware of what to look for in a possible phishing email:
- The sender’s email address is not correct, but similar to the actual sender’s email address.
- There are obvious errors in the email, like grammar errors, misspellings, and incorrect information.
- The email contains one or more links that do not direct you to the website of the actual sender, or the email wants you to access a third-party site that is not connected to the sender.
- The email sender has requested that you send confidential information such as your social security number or bank account information. You should always be suspicious of these emails and you should never share this type of information without getting confirmation from a supervisor.
- You discover an email in your inbox that you were not expecting from an individual, supplier, vendor, or business or organization that you have not communicated with for an extended period of time. The best thing to do is not open the email because it is likely a phishing email. The safest thing for you to do is delete the entire email.
Let Colorado Computer Protect Your Business From Potential Phishing Attacks
Phishing scams can result in significant financial losses to businesses and organizations. Phishing emails have become more detailed and sophisticated today, making them difficult for some businesses and organizations to detect. It is critical that everyone in your workplace is aware of common phishing trends and techniques. When you educate your employees on phishing scams and other cybercrime, you can protect your business or organization from financial losses and other damaging consequences.
To combat the threat of phishing, businesses and organizations can provide staff awareness training and implement the proper IT solutions and cybersecurity tools so that your team can develop good habits and detect cybercrime as soon as it happens. You want to protect your business or organization from phishing email attacks and other potential cybercrime. The best way to do this is to create a culture of cyber security awareness. The first step is to reach out to Colorado Computer Support for information on our cyber security solutions. Call us today at 719.355.2440 to schedule your consultation.