Scammers use email or text messages to trick you into giving them personal information

How do they do that?

Every day, email inboxes fill up with annoying, unwanted messages. Some of these junk messages are malicious phishing attacks. Scammers use phishing emails, texts, or social media posts that lead to phishing sites.

What is phishing?

Phishing is a type of cyber-attack specifically created to gain sensitive information. Attackers will try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts.

What happens in a phishing attack?

See the following illustration.

Watch out for the following phishing attacks while working:

  • Business Email Compromise (also known as CEO Fraud)
    • This type of phishing occurs when a cybercriminal sends an email to a random employee, typically someone who works in the accounting or finance department, while pretending to be a higher-level manager or executive.
    • The goal of these emails is often to get their victim to transfer funds to a fake account. This also includes payroll direct deposits.
  • Clone Phishing
    • The attacker creates a virtual replica of a legitimate message and sends the message from an email address that looks legitimate.
    • Any links or attachments in the original email are swapped out for malicious ones.
  • Domain Spoofing
    • This method of attack uses either email or fraudulent websites.
    • Occurs when a cybercriminal “spoofs” an organization or company’s domain to:
      • make their emails look like they’re coming from the official domain
      • make a fake website look like the real deal by adopting the real site’s design and using a similar URL.
  • Spear Phishing (91% of all phishing attacks start with spear phishing)
    • Attackers use social engineering tactics (such as email subject lines with topics of interest) to tailor and personalize the emails to their intended victims.
      • The emails are intended to trick victims into opening them, clicking links, and opening attachments.
    • The goal is to steal data or to install malware onto the recipient’s computer to gain access to their network and accounts.

Other types of personal and organizational phishing:

How do I recognize phishing?

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.

The malicious email may:

  • say they have noticed some suspicious activity or log-in attempts
  • claim there is a problem with your account or your payment information
  • say you must confirm some personal information
  • include a fake invoice
  • want you to click on a link to make a payment
  • say you’re eligible to register for a government refund
  • offer a coupon for free stuff

Here’s a real-world example of a phishing email.

Imagine you saw this in your inbox. Do you see any signs that it’s a scam?

Let’s take a look.

  • The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
  • The email says your account is on hold because of a billing problem.
  • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
  • The email invites you to click on a link to update your payment details.

While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. Phishing emails can have real consequences for people who give scammers their information. And they can harm the reputation of the companies they’re spoofing.
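For teams that triage reported messages, the signs walked through above can be checked automatically. The following is an added example, not part of the original page: the sample message is constructed, the function names are hypothetical, and netflix.com is assumed to be the brand's real domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modeled on the signs listed above; not a real message.
SAMPLE = """\
From: Netflix <billing@netflix-account-help.example>
To: user@example.org
Subject: Your account is on hold
Content-Type: text/html

<p>Hi Dear,</p>
<p>We are having some trouble with your current billing information.</p>
<p><a href="http://netflix.billing-update.example/login">UPDATE ACCOUNT NOW</a></p>
"""

GENERIC_GREETING = re.compile(r"\b(hi dear|dear (customer|user|member))\b", re.I)
PRETEXT = re.compile(r"on hold|billing|payment|suspicious activity", re.I)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)

def registered_under(host, brand_domain):
    """True only if host is brand_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def phishing_signs(raw, brand, brand_domain):
    """Return the warning signs found in a raw single-part message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    signs = []
    # Display name claims the brand, but the address is on another domain.
    sender_host = addr.rpartition("@")[2]
    if brand.lower() in display.lower() and not registered_under(sender_host, brand_domain):
        signs.append("sender-domain-mismatch")
    if GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    if PRETEXT.search(msg.get("Subject", "") + " " + body):
        signs.append("account-problem-pretext")
    # A brand name inside the host ("netflix.something.example") is not the brand's domain.
    for url in HREF.findall(body):
        host = urlparse(url).hostname
        if not registered_under(host, brand_domain):
            signs.append("link-off-brand:" + str(host))
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, "Netflix", "netflix.com"):
        print(sign)
```

A message that forges the brand's exact domain in the From header passes the sender check here; catching that relies on the receiving mail server's SPF, DKIM, and DMARC results.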

Questions?

Contact your Technology Solutions Department.