- About Us
- IT Services
- IT Security
- Cloud Services
- Who We Help
- Contact Us
The beneficiary of a million-dollar insurance policy or trust. The winner of a lottery. The well-known ‘419’ email scam where a “wealthy” Nigerian “prince” reaches out to you for help accessing an unanticipated financial gain. These are some of the best-known examples of an incident known as phishing, where emails are sent by a malicious actor in an attempt to make financial capital out of unsuspecting recipients.
The end goal of these scams was to extract sensitive data of unsuspecting individuals, including social security numbers and banking details. These are just a few of the many peculiar scenarios promised by phishing emails of the early days. It is believed that the first recorded instance of phishing happened in the mid-1990s, involving the AOL dial-up internet service.
Unwelcoming emails requested Personally Identifiable Information (PII) from account holders, credit card numbers, checking account information, and passwords. When AOL started to address phishing attempts by fraudsters in the mid to late 1990s, malicious actors began to create various email accounts via other providers.
After creating generic email accounts, the malicious actors sent emails that looked like they had been sent via well-known organizations, including FedEx, UPS, PayPal, and Amazon. The end goal was to obtain financial information, social security numbers, usernames, and passwords before committing financial fraud in the unsuspecting victim’s name.
Unfortunately, phishing attacks have increased exponentially in volume, and are considered a serious threat to businesses and individual internet users. Phishing attacks can result in damaging financial losses. Phishing emails can also be more difficult to recognize than many internet users think. Malicious actors have turned to more sophisticated phishing strategies to get recipients to open, click, and share information. For malicious actors, these sophisticated strategies are paying off. Business email compromise (BEC) scams are more successful than they have ever been, costing businesses more than $2 billion in 2020.
Most phishing emails appear very legitimate, generally by imitating a well-known business’s logo and contact information. For this reason, it is not uncommon for recipients to believe the emails are legitimate, and even large companies have fallen victim to phishing scams. While some people’s interest and curiosity got the better of some victims, others were never a victim of phishing scams. So malicious actors responded by impersonating trusted businesses and organizations.
An email from Wells Fargo or another bank alerting you that your bank account will be closed or that you need to reset your password are common examples where fraudsters impersonate an email sender you trust. The cybercriminals entice victims into clicking a link that appears to lead to the actual website, but instead, users are led to a fake copy of that website that is designed to steal confidential information from the user.
Phishing attacks have been further enhanced by attaching ransomware and malware-filled files to the emails. What makes phishing attacks particularly dangerous is that attackers spoof file extensions. For example, you would probably never open a “Program.exe” even if it was attached in an email from a known sender because executables can be menacing. On the other hand, you would probably open ”October Invoice 2021.pdf” because it does not appear to be dangerous.
Unfortunately, these are all a part of this long and ‘phishous’ cycle of phishing attacks.
There are many strategies and techniques malicious actors use to carry out a phishing attack. Some of the more common techniques are:
Phishing emails are no longer cheesy and obvious scams. Today, malicious actors will typically impersonate sources you are familiar with, but they can be easy to detect if you know what to look for. Your employees should be aware of what to look for in a possible phishing email:
Phishing scams can result in significant financial losses to businesses and organizations. Phishing emails have become more detailed and sophisticated today, making them difficult for someone businesses and organizations to detect. It is critical that everyone in your workplace is aware of common phishing trends and techniques. When you educate your employees on phishing scams and other cybercrime, you can protect your business or organization from financial losses and other damaging consequences.
To combat the threat of phishing, businesses and organizations can provide staff awareness training and implement the proper IT solutions and cybersecurity tools so that your team can develop good habits and detect cybercrime as soon as it happens. You want to protect your business or organization from phishing email attacks and other potential cybercrime. The best way to do this is to create a culture of cyber security awareness. The first step is to reach out to Colorado Computer Support for information on our cyber security solutions. Call us today at 719.355.2440 to schedule your consultation.