Phishing attacks are counterfeit communications that appear to come from a trustworthy source, but which can compromise all types of data sources.
These attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems, such as point of sale terminals and order processing systems, and in some cases hijack entire computer networks until a ransom fee is delivered.
We all like to think we can spot an obvious phishing fraud, like the email from an unknown sender offering us £2 million, in exchange for our bank details and in most cases, hackers are content with getting hold of your personal data and credit card information. But the game has changed, and online fraud is evolving with new tactics.
Now, criminals are taking a more personal approach and searching the Internet for all the details they can find about us. Social media is making it easier for scammers to craft believable emails called spear phishing. The data we share every day gives fraudsters clues about our lives they can use against us. It could be something as simple as somewhere you recently visited or a website you use. When we check our inbox, we often pick out something that strikes a chord. This is referred to as an illusory correlation, which is seeing things as related when they aren’t.
Psychologists say we are more likely to respond to requests from people higher up in our social and professional hierarchies and fraudsters have learned about this too. Indeed, around 20% of all employees are likely to click on phishing email links and of those, a staggering 68% go on to enter their credentials on a phishing website.
All members of your organisation’s management team are vulnerable. If a phishing scammer acquires the email credentials of high-profile leadership, it’s likely they’ll target anyone they can using that very email address. Potential targets would be: colleagues, team members and even customers,if they’ve already obtained that information.
Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of an organised cyber attack against a specific organization and individual targets are selected if they work or have connections to this organisation.
All firms are at risk of falling victim to fraudulent scams perpetuated via email or social media platforms.
Business organisations are frequent targets for fraudsters impersonating banks, brokers and other third-party organisations who may wish to perpetuate fraud, or to access personal data or confidential data. It has been known for fraudsters to impersonate business clients and then direct those firms to engage in perpetuating fraud which has only become apparent to the firm only months later.
- Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website.
- Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email.
- Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The bot uses up-to-date information from LinkedInand other social media platforms to gain the victim’s trust and lure them into giving valuable information or transferring money.
- Many more technical solutions are available for scammersthese days to conceal their identities, like using anonymous communication channels or fake IP addresses.
Data from Google Safe Browsing shows there are now nearly 75 times as many phishing sites as there are malware sites on the Internet. and email spam cons cost businesses around the world around US$20 billion (£17 billion) every year. Business consultant BDO found that six out of ten mid-sized businesses in the UK were victims of fraud in 2020, suffering average losses of £245,000.
Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blanket bombing approach scammers have been using for the last two decades.
One simple way to avoid being tricked is to double-check the sender’s details and email headers. Think about the information that might be out there about you, not just about what you receive and who from. If you have another means of contacting that person, do so. if you don’t want someone to know things about you, don’t put it online.
The more advanced technology gets, the easier it is to take a human approach. Video call technology can bring you closer to your friends and family,but these aren’t always secure. Giving people who would do you harm a window into your life is never a good idea. To avoid becoming a victim, you have to use your inborn defences – your human instinct – if something doesn’t feel right, don’t do it.
Source: Cyber Security Intelligence