As more and more businesses rely on technology to operate, it's essential to be aware that phishing scams are the most popular method cyber criminals use to try to compromise organizations. Roughly 90% of data breaches occur because of a phishing scam. ‘Phishing’ is an umbrella term for texts, calls, or emails sent by bad actors to gain access or steal your money, identity and sensitive company information. Though these scams are well known, threat actors can be convincing, and people still report falling for these attacks. 30% of phishing emails are opened and 40% of workers have self-reported taking dangerous action on unknown emails.
Read on to learn about the most common phishing scams and find out how to avoid getting reeled in with tips on how to spot these scams.
Spear Phishing
Spear phishing emails are the most common type of phishing email and are targeted at specific companies or groups of people. These emails appear to come from someone that the group has in common and are constructed with the group in mind. They usually contain terminology commonly used amongst this group and cite a specific detail to make the email look legit. The subject and context of the email typically call for urgent action and urge the recipients to click on an unsafe link or share sensitive data.
How to spot spear phishing scams
Always double check the sender’s email and make sure it’s actually from the person it says it’s from. Cyber criminals will usually create a fake email address that looks like it’s from a well-known individual from a company but will have either spelling errors or a different email domain. When in doubt, reach out in a new message and ask the person if this email is real and came from them before taking any action.
Smishing
Smishing attacks occur over SMS text messages and take advantage of the use of text messages to confirm information for multifactor authentication or to send emergency alerts. These types of alerts usually come from random numbers and lack any type of distinctive branding, which makes it hard to spot when one is a scam.
How to spot smishing scams
Always verify that the text you received is actually from the organization it claims to be from. A quick phone call to confirm the text can save you from a devastating breach. If the text contains any type of urgency to take action, such as clicking a link or confirming personal information, always confirm it’s real before answering or following an unsafe link.
Another form of smishing that can be hard to identify as a scam is a text sent from a company trying to verify your account. These types of alerts are triggered when a threat actor is trying to change your password or sets off an alert through too many failed attempts to log in to your account. So, if those actions weren’t taken by you and you receive a text message asking for specific actions to access your account, do not engage with the text message.
CEO Fraud
A CEO fraud email appears to come from the CEO of a company and is sent out to employees asking for urgent action to be taken on the CEO's behalf. These types of emails can be easy to fall for, especially if they’re sent to groups of people who have little contact with the CEO. New employees and interns are common targets for these security threats and might take immediate action without double checking the legitimacy of the email because they want to make a good impression on the CEO. It can also be difficult to get in contact with the CEO, or uncomfortable to ask them to confirm that the email came from them, leading many to take the action in the email rather than verify the communication.
How to spot CEO fraud
As with any other email account created by cyber criminals, there are typically spelling errors in the name, or the email comes from an incorrect domain. Always double check before engaging with the email. If you’re unsure of the CEO’s email, double check the address with your boss or someone who works closely with the CEO to see if it’s legit.
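The sender checks described for spear phishing and CEO fraud (a misspelled address or a different domain behind a familiar name) can be automated on the mail-filtering side. The following is an added example, not part of the original article; the trusted domains, the executive name and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample values: the organization's real mail domains and the
# display names attackers are most likely to borrow (for example, the CEO).
TRUSTED_DOMAINS = {"example.com", "example-partner.com"}
PROTECTED_NAMES = {"jane doe"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_sender(from_header, max_typos=2):
    """Classify a From: header.

    Returns (verdict, detail) where verdict is one of:
      trusted        domain is on the trusted list
      lookalike      domain is a near-miss spelling of a trusted domain
      impersonation  protected display name used with an untrusted domain
      external       none of the above
      invalid        no usable address in the header
    """
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for good in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, good) <= max_typos:
            return ("lookalike", good)
    if name.strip().lower() in PROTECTED_NAMES:
        return ("impersonation", name.strip())
    return ("external", domain)
```

A "lookalike" or "impersonation" verdict is a signal to quarantine or banner the message, not proof of fraud; the out-of-band confirmation the article recommends still applies.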
Business Email Compromise
A business email compromise comes from a threat actor pretending to be a business partner, customer, or vendor of the recipient. The emails usually contain business terminology or mention an active employee to make it seem more legit. They also encourage action to be taken, such as sending over company information or following an unsafe link. These scams can be hard to spot, especially for new employees who are just learning the ropes and are not familiar with all the people that the company is in contact with.
How to spot business email compromise scams
If you’re unsure of the organizations the company does business with, always verify that the vendor or business partner is real, especially if they’re asking you to click on a link or share company information. Always verify whether a customer’s request is against company protocol, and never follow a link until you confirm the sender is real.
Get Peace of Mind With Entara
Entara offers complete, integrated IT and cyber security solutions tailored to your company’s unique needs and challenges. As an eXtended Service Provider, in addition to managed IT and cyber security services, our 24/7/365 incident response team works day, night, and holidays to help businesses recover from cyber-attacks and remediate their systems to avoid repeat events. We employ a range of security integrations and technology services to better protect our clients’ systems, networks, and data. Connect with us to learn more about how we can support your organization.