Phishing Attacks: Don't Take the Bait
There is a new favorite pastime of cyber criminals and scammers alike, and it costs American businesses $1.3 billion a year: phishing. Phishing is a tactic used by individuals who are trying to obtain sensitive information on the internet.
The ultimate goal of an attack is to get the receiver to click on a link or to open an attachment that is embedded in an email. Once this malicious link is clicked, malware is installed onto the user’s computer, allowing the scammer to have unrestricted access to the target’s sensitive information, including search history, passwords, emails, credit card and health information, and client records.
Just as phishing attacks have become more common, they have also become more creative in their execution and increasingly devastating for the businesses that scammers target. The average phishing attack on a medium-sized company, such as Donnelly-Boland, costs that company $1.6 million. Knowing the warning signs of a targeted attack is the first step in protecting our company and maintaining the security of our future.
Three Things to Look Out for:
Because a phishing attack can only be successful if the recipient opens the link or attachment, scammers will try to instill a sense of urgency in their messages. Look for phrases like “action needed” or “someone logged into your account.” Scammers are trying to get their targets to act on emotion rather than rationality; urgency is a good way to achieve an impulsive reaction.
Another common tactic used by phishers is to impersonate a large and well-known brand to solicit a click. In more targeted attacks, scammers can even impersonate a co-worker. When a message that appears to come from a known brand or co-worker contains a suspicious and unsolicited link, check the email address of the sender. Commonly, the email address will be extremely close to the address of a legitimate source, but the phishing email address may have a letter missing or be slightly misspelled. If an email from a co-worker or larger company contains a link that in any way seems suspect, be sure to take some time to look for errors or anomalies in the email.
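The sender-address check described above can be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it flags a sender domain that is one edit (a missing, extra, changed or swapped letter) away from a trusted domain. The trusted list, the sample headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the organization really corresponds with (constructed list).
TRUSTED_DOMAINS = {"example.com", "paypal.com", "microsoft.com"}


def edit_distance(a, b):
    """Count edits (insert, delete, substitute, swap adjacent letters) from a to b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Classify a From: header as trusted, lookalike, unknown or unparseable."""
    # The display name is ignored on purpose: it is free text the sender controls.
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for legit in sorted(trusted):
        if edit_distance(domain, legit) <= max_distance:
            return ("lookalike", legit)  # near miss of a real domain
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        '"PayPal Support" <service@paypa1.com>',
        '"IT Helpdesk" <helpdesk@micorsoft.com>',
        '"Jane Doe" <jane.doe@example.com>',
        "newsletter@gmail.com",
    ]
    for header in samples:
        print(f"{header:45} -> {check_sender(header)}")
```

An "unknown" result only means the domain is not a near miss of the list; it says nothing about whether the message is safe, and lookalikes built from visually similar Unicode characters need a separate check.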
Lack of Personalization:
Phishing attacks are a numbers game. Therefore, cyber criminals tend to send the same email to thousands of accounts at once. A legitimate email is far more likely to be personalized to the recipient, so look out for suspicious emails that use generic greetings like “Dear Customer” or “Valued [Service] Member.” Keep in mind that not all attacks are generalized, so it is important to be suspicious of any and all communications that contain a link.
Unfortunately, phishing is here to stay and becoming more sophisticated by the week. With this in mind, it is essential to maintain a sense of healthy suspicion, and make sure to take a second to review unfamiliar emails.