So, you have heard about phishing scams, but wonder how anyone can ever fall for these simple ruses. You surely wouldn’t find yourself becoming a victim to such a rudimentary form of deception, would you? Think again.
Email phishing scams have become more sophisticated than you might have imagined, and even the most vigilant of workers can let their guard down once in a while. To make sure you are ahead of the curve when it comes to phishing attacks, here are 5 different examples of how phishing scams work, and just how they will try to fool you into clicking that link.
The Bank Angle
One of the most popular ploys when it comes to phishing scams comes in the form of an email purporting to be from a bank or financial institution, asking for you to confirm your credentials for security purposes.
When the accounts manager sees this email, that handy quick link to the banking website looks all too convenient to click. Once that button is clicked, the damage is already done.
The Unhappy Customer
Another ruse employed by cybercriminals intent on stealing login information takes the form of an irate customer or supplier.
The email begins with a disgruntled section of text, perhaps a customer supposedly taking legal action against your company, or maybe the landlord serving you notice of eviction.
Attached to the email is the legal documentation associated with their complaint. The problem is, within that file attachment is a keylogger that once deployed, will send every keystroke you make on your keyboard back to a cybercriminal sitting at their desk thousands of miles away.
When you log in to your email, bank or any other business-related service, that information has now been compromised.
The Taxman is Calling
When tax time rolls around, it is not uncommon to see plenty of emails from the government head office reminding you to file your tax return.
That is why, when cybergangs target companies at the end of the tax year, the phishing scam often takes the form of an email that says you have either been selected for an audit, or are due a tax rebate.
Seeing this sort of email becomes second nature to many people who deal with the financial side of a business, and as such, it can be extremely tempting to simply click that link and get the issue sorted.
As you have probably guessed by now, that link takes the victim to a fraudulent website, where the details you enter will be harvested and used to steal login details.
You Have Been Compromised!
“Your account has been compromised” reports the email; supposedly from a service that you regularly use for business.
Your mind then fills with all the horrors that could befall you, should someone have access to said account. In your panic, you follow the link provided to sign in and change your password immediately, as time is of the essence!
Congratulations, you have just fallen prey to one of the most successful phishing tactics out there.
When we panic, we often make silly decisions, and we are never more panicked than when we think someone has access to our accounts. The irony being, of course, is that nobody had access to your account until you clicked that link.
The Concerned Business Partnership
This particular ruse is successful because it immediately puts the recipient at ease.
An email from what looks like your regular supplier (or service provider) is asking you to provide them with some information purely as a security measure, to check that you are indeed a legitimate company.
You may even think it is wonderful that they are taking the security of their (and in turn, your) business so seriously. You deal with each other on a regular basis, and it seems like a good idea to verify yourself, to make sure your business relations are as friction-free as possible.
Unfortunately, you are not verifying yourself with a legitimate business, but are in fact handing over your digital keys to someone who is about to steal your hard-earned cash.
Keep your Business Safe
When it comes to keeping your business safe online, there are plenty of vulnerabilities to keep an eye out for, and address where possible, but teaching the workforce how to identify a phishing scam is one of the easiest ones to enact.
While there may be a few instances where a scam may slip through the net, limiting these opportunities to as few as possible should always be the aim of any business that values the security of their own assets, and the data needed to access them.
Originally posted 2020-02-24 04:11:20. Republished by Blog Post Promoter