Jack Pittas, Co-Founder of PK Cyber Solutions Inc.
While the increased use of teleworking has created stress and additional headaches for employees, it’s generated nothing but opportunities for cyber criminals, specifically the “Online Scammers.” That is why the use of “phishing” has absolutely skyrocketed within the last 6 months.
While the increased use of teleworking has created stress and additional headaches for employees, it’s generated nothing but opportunities for cyber criminals, specifically the “Online Scammers.” That is why the use of “phishing” has absolutely skyrocketed within the last 6 months.
Formally defined as the Soliciting of private information from customers or members of a business, bank or other organization in an attempt to fool them into divulging confidential, personal and/or financial information, phishing can be done via social media, text messaging, or instant messaging, but is most commonly sent through email. Email phishing scams can be sent to a high volume of recipients at once, or be targeted (spear phishing). Additionally, if the act of spear phishing is targeted at a high level person at an organization, the term used is “whaling.” If you or your company are victim to any type of a successful phishing scam, don’t feel too bad. You’re just part of the 65% of US-based businesses who are victims to these successful attacks.
As of 2019, 33% of all cyber breach incidents included the use of phishing scams. However just about all of them could’ve been prevented with the right knowledge and mindset. You first want to focus on the preventive measure, this being some type of email filtering mechanism (which most email servers have automatically) in order to block the phishing emails from coming in. The one issue with cyber criminals, however, is that they are versatile and have quickly adapted to the spam filtering systems. In other words, phishing email designs have become so elaborate that an estimated 90% of them are found in secure email gateways (SEG’s). So next, you’ll need to use detective measures to separate the scam emails from the legitimate ones. Luckily, phishing emails (for the most part) have some universal traits:
● The email URL does not match one from the company domain and/or has some obscure character combinations
● There will often be a story or level of context involved:
○ “We’ve noticed some suspicious activity”
○ “There is a problem with your account”
○ “Your order has not been delivered”
● The email will contain a generic greeting:
○ “Dear user”
○ “Dear valued customer”
● The emails might include some attachments, fake invoices, or coupons
● The email will have some web link for the recipient to “make a payment” or “fix/update account information.” The link will likely have an odd combination of characters.
● The email signature may look basic or bland, especially if it appears to be from a well known company
○ “The Netflix Account Team”
○ “Wells Fargo Customer Team”
● If it’s a well-known company, the logo may look slightly different from what you’re used to seeing
A few other things to keep in mind when evaluating potential phishing scams:
● If it seems too good to be true, (“Click here to collect your free membership”) then it probably is
● If Bob from accounting always calls you when requesting information, but randomly sends an email requesting something sensitive one day, it may be a (spear) phishing scam
● If it actually was extremely important and/or urgent, the person requesting the information would probably call you
You should of course always consult with your information-technology, cybersecurity, or managed-service provider representative in the event of any possible phishing threats.
Sources:
-National Institute of Standards and Technology (NIST)
-Verizon Data Breaches Investigations Reports
-Symantec Internet Security Threat Reports
As of 2019, 33% of all cyber breach incidents included the use of phishing scams. However just about all of them could’ve been prevented with the right knowledge and mindset. You first want to focus on the preventive measure, this being some type of email filtering mechanism (which most email servers have automatically) in order to block the phishing emails from coming in. The one issue with cyber criminals, however, is that they are versatile and have quickly adapted to the spam filtering systems. In other words, phishing email designs have become so elaborate that an estimated 90% of them are found in secure email gateways (SEG’s). So next, you’ll need to use detective measures to separate the scam emails from the legitimate ones. Luckily, phishing emails (for the most part) have some universal traits:
● The email URL does not match one from the company domain and/or has some obscure character combinations
● There will often be a story or level of context involved:
○ “We’ve noticed some suspicious activity”
○ “There is a problem with your account”
○ “Your order has not been delivered”
● The email will contain a generic greeting:
○ “Dear user”
○ “Dear valued customer”
● The emails might include some attachments, fake invoices, or coupons
● The email will have some web link for the recipient to “make a payment” or “fix/update account information.” The link will likely have an odd combination of characters.
● The email signature may look basic or bland, especially if it appears to be from a well known company
○ “The Netflix Account Team”
○ “Wells Fargo Customer Team”
● If it’s a well-known company, the logo may look slightly different from what you’re used to seeing
A few other things to keep in mind when evaluating potential phishing scams:
● If it seems too good to be true, (“Click here to collect your free membership”) then it probably is
● If Bob from accounting always calls you when requesting information, but randomly sends an email requesting something sensitive one day, it may be a (spear) phishing scam
● If it actually was extremely important and/or urgent, the person requesting the information would probably call you
You should of course always consult with your information-technology, cybersecurity, or managed-service provider representative in the event of any possible phishing threats.
Sources:
-National Institute of Standards and Technology (NIST)
-Verizon Data Breaches Investigations Reports
-Symantec Internet Security Threat Reports
RSS Feed
