Phishing scams…not to be confused with ‘fishing’ scams. Every person who has used a digital platform (telephones included) has likely come across a phishing scam. It’s the digital version of scam callers who claim your SIN was flagged or the FBI’s out to get you. Most commonly, phishing scams take the form of a sketchy email, but they arrive as text messages, phone calls, and chat messages as well. It’s easy to think these scams are just a normal part of the internet, but there are ways to protect yourself.
Let’s get into it!
What Is a Phishing Scam?
Phishing was the most common type of cybercrime reported to the FBI in 2020. In short, a phishing scam is a digital con designed to manipulate the victim into revealing sensitive information to the attacker, or into opening something the attacker sent.
This manipulation can occur in two general ways:
Method #1: posing as a trusted company and urgently asking the victim to provide sensitive information or a payment.
For example, a scammer poses as PayPal and sends the victim an email designed to look like a PayPal email. It says the victim’s account has been hacked and that they must pay a fee, or log in through the link provided, to recover it. This is a scam: the fee goes to the attacker, and any password typed into the linked page goes to the attacker too.
Method #2: also posing as a trusted business, but the message is a delivery vehicle for malware, often ransomware.
For instance, a scam PayPal email arrives congratulating you on winning a large amount of money and telling you to click a link within the email. This is also a scam. The link leads to a download, or to a page that installs a program, which runs on your computer once you open it. That program is often ransomware, designed to find your sensitive data, encrypt it (and increasingly steal a copy first), and hold it for, well, ransom.
Of course, these are just two very specific examples of phishing scams. So, keep in mind that fraudsters are always changing tactics to siphon your sensitive data.
You may be wondering: what are the signs to watch out for to protect yourself? Well, QuickProtect has the answers.
Types of Phishing Scams
Phishing scams are usually grouped into three types: mass-scale phishing, spear phishing, and whale phishing.
Mass-scale phishing is the attacker casting a broad net: the same message goes to huge numbers of people and targets no one in particular. It is the most common type of phishing, and the two PayPal examples above are examples of it. Basically, anyone with an inbox is a target of mass-scale phishing.
Spear phishing scams are tailored to a specific person or group by using personal details. The attackers get to know their targets first, collecting as much information about each victim as possible (job title, colleagues, suppliers, recent events) to personalize the attack. The scam then looks legitimate, which makes it more effective. These scams are usually after credentials or money rather than a malware install, so they are less likely to carry an attachment. For example, an attacker may pose as someone from your company’s HR department and ask specific employees for their login credentials.
Whale phishing targets a large company or a senior title within one (a CEO, for example). Like spear phishing, these scams mimic authentic communication that a high-ranking employee could receive, and they have the same goal: money or credentials. Whale phishing can also work in the other direction, with the attacker taking on the persona of the CEO to collect sensitive information from staff. For example, an attacker poses as Elon Musk and asks the CFO for the business’ banking information.
Signs of Phishing Scams
- An email insisting on an urgent response. Emails like these are meant to make the reader feel flustered or distracted so that they act without thinking.
- The email has a lot of spelling errors. Some scam emails deliberately misspell words to slip past keyword-based spam filters and reach your primary inbox rather than the spam folder; others are simply sloppy. Either way, a message from a real bank or vendor rarely reads that way.
- Inconsistencies in email addresses. Scammers often copy the display name of a regular contact or a well-known brand to seem trustworthy, while the actual address sits at an unrelated domain. Lookalike domains are common too: a digit 1 in place of a letter l, or the brand name buried inside a longer domain. Check the full address, not just the name, before you decide to respond.
- Emails with unfamiliar or unusual greetings. Many companies traditionally use formal greetings when sending a colleague an email. Other companies are more casual. Depending on the environment, if the greeting sounds out-of-the-norm, it probably is.
- Suspicious links and domain names. Teach your employees to hover over a link in an email before clicking on it. The link text can say anything; hovering reveals where the link actually goes. It’s probably a scam if the link looks like it came from HR but hovering over it shows an unfamiliar website.
- Be careful of suspicious attachments. Many companies share documents through Dropbox, OneDrive, or Google Drive rather than as attachments. So, if you get an email with file attachments you weren’t expecting, particularly executables, scripts, or macro-enabled Office files, be extra vigilant as it could be malware.
- The email seems too good to be true. We all wish we could win a million dollars, which is why scam emails use that to steal your information. If it seems too good to be true then it probably is…unfortunately.
- Flag emails asking for sensitive data. These emails typically demand login credentials, payment details, or other sensitive information. Armed with the best practices above, your employees can tell genuine emails from scams on their own.
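Several of the signs above (urgency, mismatched sender addresses, link text that hides the real destination, risky attachments, requests for sensitive data) can be checked mechanically. The script below is an added example written for this post, not QuickProtect code, and it runs over two constructed sample messages rather than real mail. The brand list passed in, the phrase lists, and the two samples are assumptions for the demo; `lookalike_of()` deliberately only catches digit-for-letter swaps and a brand name used as a mere label, and `registrable_domain()` is a two-label shortcut, where real tooling would use a public-suffix list, a homoglyph table, and a proper HTML parser.

```python
# Added example for this post, not QuickProtect code: heuristic checks for several of the signs
# above, run over two constructed sample messages. lookalike_of() is a deliberate simplification
# (digit-for-letter swaps, brand name as a mere label) and registrable_domain() a two-label
# shortcut; real tooling would use a public-suffix list, a homoglyph table and a real HTML parser.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "suspended", "act now")
SENSITIVE_REQUESTS = ("password", "login credentials", "banking information", "card number")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".docm", ".xlsm")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)  # (href, shown text)
SHOWN_HOST_RE = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?", re.I)

def registrable_domain(host):
    """Two-label shortcut: 'www.paypal.com' -> 'paypal.com'."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def lookalike_of(host, brand_domains):
    """Brand domain that `host` imitates, or None when it is the brand itself or unrelated."""
    reg = registrable_domain(host)
    if reg in brand_domains:
        return None
    deobfuscated = reg.translate(str.maketrans("01", "ol"))  # paypa1.com -> paypal.com
    for brand in brand_domains:  # or the brand buried as a label: paypal.com.verify-account.example
        if deobfuscated == brand or brand.split(".")[0] in host.lower().split("."):
            return brand
    return None

def host_shown_in(link_text):
    """Host named by the visible link text, if that text looks like a URL or bare domain."""
    m = SHOWN_HOST_RE.fullmatch(link_text.strip())
    return m.group(1).lower() if m else None

def check_message(raw_message, brand_domains):
    """Human-readable findings for one RFC 822 message; an empty list means no sign fired."""
    msg = message_from_string(raw_message)
    findings, texts = [], [msg.get("Subject", "")]
    display_name, from_addr = parseaddr(msg.get("From", ""))
    sender_host = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""
    sender_domain = registrable_domain(sender_host) if sender_host else ""
    for brand in brand_domains:  # display name drops a brand the mailbox does not belong to
        if brand.split(".")[0] in display_name.lower() and sender_domain != brand:
            findings.append(f"display name '{display_name}' but sender domain is {sender_domain}")
    imitated = lookalike_of(sender_host, brand_domains) if sender_host else None
    if imitated:
        findings.append(f"sender domain {sender_host} imitates {imitated}")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {filename}")
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        text = (part.get_payload(decode=True) or b"").decode(part.get_content_charset() or "utf-8", "replace")
        texts.append(text)
        if part.get_content_type() == "text/html":  # the "hover over the link" check, in code
            for href, visible in ANCHOR_RE.findall(text):
                href_host, shown = urlparse(href).hostname or "", host_shown_in(re.sub(r"<[^>]+>", "", visible))
                if shown and registrable_domain(shown) != registrable_domain(href_host):
                    findings.append(f"link text shows {shown} but points to {href_host}")
                imitated = lookalike_of(href_host, brand_domains) if href_host else None
                if imitated:
                    findings.append(f"link host {href_host} imitates {imitated}")
    lowered = "\n".join(texts).lower()
    for label, phrases in (("urgency language", URGENCY_PHRASES), ("asks for sensitive data", SENSITIVE_REQUESTS)):
        if hits := [p for p in phrases if p in lowered]:
            findings.append(f"{label}: {', '.join(hits)}")
    return findings

# Constructed samples for the demo, not real mail: one phish, one routine HR notice.
PHISH = """\
From: "PayPal Security" <security@paypa1.com>
Subject: URGENT: your account has been suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify your password within 24 hours:
<a href="https://paypal.com.verify-account.example/login">https://www.paypal.com/login</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.exe"

--b1--
"""
LEGIT = """\
From: "Dana from HR" <dana@example.org>
Subject: Q3 benefits enrollment
Content-Type: text/html; charset="utf-8"

<p>Enrollment opens Monday; details are on the intranet:
<a href="https://intranet.example.org/benefits">intranet.example.org/benefits</a></p>
"""
```

Calling `check_message(PHISH, {"paypal.com", "example.org"})` returns seven findings: the display name claims PayPal while the mailbox is at paypa1.com, that sender domain imitates paypal.com, the link text shows www.paypal.com but points at paypal.com.verify-account.example, that link host imitates paypal.com, a risky .exe attachment, urgency language, and a request for a password. The same call on `LEGIT` returns an empty list. Treat the output as a prompt for a human to look closer, not as a verdict: these are the heuristics a trained employee applies by eye, and a careful attacker can avoid every one of them.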
QuickProtect Can Help
Having educated and vigilant employees is one thing, but having endpoint protection is another. Back up your team with QuickProtect’s endpoint protection service. Endpoint protection includes defending against viruses, malware, and ransomware. We will even patch weak points in your systems and scan for vulnerabilities. Learn more about how QuickProtect can help by reading our endpoint protection page.