Have you ever received emails offering lucrative deals in your business inbox? Such as, offers of mortgage refinance, work-from-home jobs, or a cut of unemployment benefits issued in your name.
Security teams have noted a dreadful increase in such emails across businesses. They label these attacks as phishing. That is, emails that try to con people into sharing data. Sometimes, such emails also try to rob you.
For instance, look at a real-life phishing incident posted online by Mortgage Banker.
As per Asaf Cidon, criminals tried to con a home-buyer by tricking them to wire the funds, necessary for closing the escrow, to a fake account.
As per the report, the home-buyer received the above email the very day they were meant to wire the funds. The con artists disguised their bait as an email sent by the mortgage company, and asked the buyer to wire the money to a new bank account.
Fortunately, the home-buyer chose to investigate the matter, and called their mortgage agent.
What is phishing, and how to protect your business from phishing scams
Unfortunately, the incident quoted above isn’t an isolated incident of a phishing attack. As per to a 2021 survey on phishing, about 74% of the respondents fell victim to such an attack in 2020.
What is phishing?
Phishing attacks target people via emails, and try to con them. Criminals phish people either for money or information.
The money scams would either trick you into wiring money or buying fake services. Besides, the scammers also try to record your bank details, so they can attack your bank as well.
Phishing attacks trying to steal data would trick you into revealing sensitive information. For instance, emails from identity thieves attempt to record your personal information. Similarly, emails from hackers aim at recording your business transactions. Later, they would use the information to attack your business.
Some emails would lure you into downloading malicious software, like spyware and adware. Phishing attacks act as launch pads for vicious ransomware attacks as well.
What are phishing attacks?
These attacks rely on emails that look like messages sent by well-known brands. Sometimes, a criminal would look into personal life, before sending an email to you. The email would like a message from your mortgage agent, or your boss, or your utility company.
The message would try to force you into a sense of fear or insight urgency. Some attackers tap into our sense of greed as well.
For instance, 2020 has seen a huge rise in pandemic-themed attacks. Such emails would state that you only have a few hours to respond, or that without urgent action, you could lose access to your bank account.
Take a look at the three phishing examples listed below. Quoted by Google, these emails show how sophisticated phishing attacks have become.
- Emails that pretend to be from your office. It would threaten you to update your bank details immediately as instructed
- Emails that say that they are from the WHO staff, and ask for donations to fight COVID
- Emails that use the lure of the economic stimulus checks from the government
Phishing emails also rely on our sense of greed to trick us. For example, it would claim that you have been selected for a trip to Florida, or won a free iPhone. Act cautiously, if you receive such an email. Such messages use attention grabbing language and insight a sense of urgency. In addition, it would ask you to click on a link, make a phone call, or ask for your bank details.
Other common lures include, fake invoices, tax refunds, threats, such as immediate account suspension or loss of paychecks, and offers, such as free coupons and lottery prizes.
How to protect against phishing
Activate spam filter
Your first line of defense against such attacks is your spam filter. So, ensure that your spam filter is on. This one step can protect you from the majority of phishing emails.
Unfortunately, spam filters fail against advanced phishing attacks. Such attacks originate from real email addresses, so the filter cannot block them.
Watch your emails
Thus, you also need to grow vigilant against emails that look suspicious. Firstly, be careful when answering emails that threaten you with damaging actions, such as account suspension or a subpoena. Avoid answering them, and contact the service directly. Secondly, look for spelling errors in the email. Most importantly, pay special attention to the sender’s email address and the links.
We suggest against clicking on buttons and links disguised as attractive texts. But, if you must visit the page, then, you should copy the link into your address bar to check if the link is legitimate.
You need to make it a practice to enable 2-factor authentication on all your services. So, whether it’s your email account, bank account, pension account, or your computer, mobile phone or a smart device, you should activate the service immediately.
Inspect the address bar
Additionally, adopt the habit of checking the address bar of your browser. Every time you open a website, check for the locked hasp icon and https in the address bar. Because, if a website is missing these two traits, then it’s unsafe. It could be a phishing lure as well.
So, never enter your personal details on a website that doesn’t have https and is missing the lock icon.
Lastly, ensure that you patch your computers and phones. You can do this by turning on automatic updates on your devices. But, if you are a business user, then ask your IT staff first.
Unfortunately, phishing is just one form of a broader category of scams. We use the term social engineering for such scams. These attacks can take many forms.
- Malvertising, in which criminals use pop-ups and ads as lures
- Vshing, or voice phishing. Criminals impersonate as tax agents and bank employees, and call or leave a voice message on the victim’s phone, and threaten them with strong language.
- Smishing, or SMS phishing, in which victims are conned using text messages.
In a nutshell, be vigilant while you’re online. Firstly, do not click on links that you do not trust. Secondly, think twice before sharing your sensitive information. Lastly, and most importantly, never fall for online lures, whether they are threats or free gifts.