With the holiday shopping season upon us, the FBI is warning consumers to be on the lookout for cyber scams and phishing attacks. Why such concern? According to research, phishing remains a popular and surprisingly effective attack method — in fact, 23 percent of recipients open phishing messages and 11 percent click on attachments.
Unfortunately, phishing campaigns come in many different shapes and sizes. While some are obvious and indiscriminate, luring only the most susceptible of victims (like that long-lost uncle who just needs your routing number to give you $100,000), others are more polished and targeted, going after only those with big bank accounts or access to confidential company documents.
In this slideshow, Jon French, security analyst, AppRiver, breaks down what consumers and organizations need to know about phishing scams in order to protect themselves and their networks, this holiday season and beyond.
Phishing Scams 101
What Is a Phishing Attack?
A phishing attack is when an outside attacker attempts to gain information from someone by claiming to be something else. A classic example is an attacker sending an email claiming to be from your bank that links to a spoofed website asking for personal details. Sometimes this is obvious, with a poorly made website or typos everywhere, but other times it can be almost impossible to tell just by looking at the page. It’s important to pay attention to which website you are actually on and what information it is asking for.
Different Phishing Tactics
A number of different phishing tactics are designed to steal your information or get into your network. Spear phishing is one tactic that targets specific individuals, companies and organizations to gather personal information. Clone phishing is another sneaky tactic that replaces legitimate, previously delivered email content with malicious content and attachments. Cybercrooks often get away with it by claiming that they are sending an updated version of the previous email. Another example is whaling. Just what it sounds like, whaling is when phishers are after the “big phish.” Common examples include a fake subpoena delivered to a CFO alleging fraud, or a bogus customer complaint sent to the director of customer service.
Phishing Signs – Grammatical Errors
Grammatical errors should always be cause for pause. While copywriters and editors may make the occasional typo in their emails, companies that phishers try to imitate, like Amazon and MasterCard, can afford to hire editors who catch those mistakes.
Phishing Signs – Design Changes
Emails that are formatted differently than normal are also warning signs. It’s one thing for a website or logo to get a facelift, but it’s another for a company that would normally have purchase information in the body of the email to put it in a .zip attachment. Additionally, if taken to a website, certain nuances of a site, like images not loading and boxes not lining up, should raise red flags. And while a website may look similar to what you normally see, it’s a good habit to look at the website address in the address bar and make sure you are at the correct website.
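The address-bar check above can be automated for the links inside an email. The following is an added example, not code from the original slideshow or from AppRiver: it flags links whose real host is not one of a constructed list of expected brand domains, including lookalikes that stuff the brand name into a subdomain or the user-info part of the URL, and links whose visible text names one site while the href points at another. The sample links and the expected-domain list are constructed for the example, and the two-label domain rule is a stated simplification.

```python
from urllib.parse import urlparse

# Domains the recipient legitimately expects to land on (constructed list for this example).
EXPECTED_DOMAINS = {"amazon.com", "mastercard.com"}

def registrable_domain(host: str) -> str:
    """Return the last two labels of a host name, e.g. 'www.amazon.com' -> 'amazon.com'.
    Simplification: wrong for suffixes such as 'co.uk'; a production check would
    consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]

def classify_link(url: str, expected=EXPECTED_DOMAINS) -> str:
    """'ok' if the real host belongs to an expected domain, 'lookalike' if a brand
    name appears elsewhere in the URL while the real host differs, else 'unknown'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return "unknown"
    if registrable_domain(host) in expected:
        return "ok"
    # Catches 'amazon.com.account-verify.example' (brand as a subdomain) and
    # 'https://mastercard.com@card-update.example/' (brand in the user-info part).
    brands = {d.split(".")[0] for d in expected}
    if any(b in url.lower() for b in brands):
        return "lookalike"
    return "unknown"

def text_href_mismatch(anchor_text: str, href: str) -> bool:
    """True when the visible link text shows one site but the href points at another."""
    text = anchor_text.strip()
    if " " in text or "." not in text:
        return False  # plain words such as 'Update your card' name no site
    shown = text if "://" in text else "https://" + text
    shown_dom = registrable_domain(urlparse(shown).hostname or "")
    return shown_dom != registrable_domain(urlparse(href).hostname or "")

# Constructed sample links, as they might appear in a holiday "order problem" email.
SAMPLE_LINKS = [
    ("www.amazon.com/your-orders", "https://www.amazon.com/your-orders"),
    ("www.amazon.com/your-orders", "https://amazon.com.account-verify.example/login"),
    ("Update your card", "https://mastercard.com@card-update.example/"),
    ("Claim your gift card", "https://holiday-prize.example/claim"),
]

def scan_links(links=SAMPLE_LINKS):
    """Return (anchor_text, href, verdict, text_mismatch) for each link."""
    return [(t, h, classify_link(h), text_href_mismatch(t, h)) for t, h in links]

if __name__ == "__main__":
    for text, href, verdict, mismatch in scan_links():
        print(f"{verdict:9} mismatch={str(mismatch):5} {text!r} -> {href}")
```

Only the first sample link is rated ok; the two lookalikes are caught by the host check even though the brand name is visible in the URL, which is exactly the case where eyeballing the address bar fails.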
Phishing Signs – Asking for Personal Info
Your credit card company knows your full account number, complete with the exact spelling of your name as it appears on the card, the security code, the billing address and expiration date. They will never ask you for all of that information. Depending on the scope, they typically would ask for one or two pieces of identifiable information and a security question for verification. And when in doubt, you can always call the company in question and speak to a representative. He or she will be able to tell you if it’s a legitimate email or not.
Prevention & Protection: Be a Skeptic
Tip 1: Be a skeptic.
As a user, always keep a healthy level of skepticism when reading unsolicited email — particularly if you’re seeing some type of too-good-to-be-true holiday shopping deal. Never click on its links or attachments unless the sender is a trusted source.
Prevention & Protection: Stay Up to Date
Tip 2: Stay up to date.
This certainly isn’t the first time you’ve heard this, but it’s a good reminder to update your software. Hackers often leverage vulnerabilities in outdated software. That’s why web browsers and third-party software must be kept up to date. IT staff should always ensure this best practice is front and center with employees.
Prevention & Protection: Adopt a Layered Security Approach
Tip 3: Adopt a layered security approach.
While it’s great to familiarize yourself with the latest trends in IT security, the easiest way to prevent a phishing attempt on your network is to adopt a layered security approach. Although there is no “silver bullet” to prevent malware attempts, like phishing, a combination of email filtering and web protection solutions can work together to block malware from gaining access to your network.
Prevention & Protection: Reward Honesty
Tip 4: Reward honesty and communication.
Once a company’s perimeter has been breached, reaction time plays a critical role in mitigating the damage. Employees should not be afraid of facing repercussions if they’ve fallen victim to an attack. Instead, they should be encouraged to inform their IT department straight away.
A Final Holiday Tip
Throughout the holiday season, a lot of money changes hands, both physical and virtual. This is a prime time of year for phishing attacks to take place and for questionable websites to run off with money. With users searching for great deals and in a spending mood, they can fall victim to an attack more easily. So keep an eye out for great deals, but stay alert to what information you may be giving out and to whom you’re giving it.