Common phishing scams and signs


Phishing is a well-known cybercriminal activity that involves the theft of personally identifiable information like login, banking, and credit card details. At the heart of any phishing attempt is a well-designed spoofed email or website, and phishers count on employees being so busy that they easily fall prey to such tactics.

Being protected from phishing begins with you and your employees being aware of common tactics.

Spoofed email and spoofed websites

Spoofed emails often appear to come from a well-known company or institution or from people like your friends, family, or co-workers. CEO fraud and the use of subdomains are two well-documented techniques. With CEO fraud, phishers bank on an employee’s unquestioned obedience to the boss and send a bogus email claiming to be from the CEO. Meanwhile, the subdomain technique involves using the name of a trusted company in the sender's email address and slightly modifying it with a term such as “customer service” to trick the receiver into yielding sensitive information.

Spoofed websites can appear like the real thing. What appears to be the website of your bank will turn out to be a meticulously forged copy. The subdomain technique is one detail you should watch out for in the web address. A more sophisticated technique is called URL cloaking, whereby the URL of a trusted site is used to disguise the URL of a fraudulent one.

Spoofed emails and websites gain your trust by pretending to be from a legitimate source, such as your bank. Scammers often use these two techniques together to make the con seem even more legitimate, with a spoofed email containing a link that leads to a spoofed website.

Phishers rely on you being in a hurry and neglecting to scrutinize details. Be cautious at all times. If you notice anything suspicious about the URL, check its legitimacy by manually typing it into the browser on a new browser page.

Credit card and bank scams

A credit card phishing scam begins with phishers counting on your familiarity with receiving the occasional email from your credit card company. The phishing email's urgent warning and call to action are a dead giveaway. Another giveaway is a link that leads to a website that aims to steal your credit card number.

On the other hand, a bank phishing scam entails sending spam emails that look like actual bank emails, complete with official forms, logos, and layout. Be vigilant, as banks will never include a form or a link in an email, or a pop-up on their websites. If a bank really wants to alert you about an urgent matter, it will do so through its online interface, not through email.

7 phishing signs to watch out for

Watch out for the following signs whenever you receive suspicious emails or follow a link from one:

  • An offer sounds too good to be true or has attention-grabbing statements such as “You've won an iPhone!”
  • An email is asking for personal and sensitive information such as bank details. Legitimate banks and/or government agencies will never ask for personal details via email.
  • “Act fast! This offer is only for a limited time.” Or “Warning. Update your account or risk losing it.” Trustworthy organizations will not rush you or threaten you in such a manner. A sense of urgency or air of desperation is a common psychological tactic to push one into acting carelessly.
  • Hover over a link within an email message to reveal its actual URL. Be wary of URLs with random characters. Take a look at the URL carefully and see if it has a subdomain or a slight misspelling that is almost undetectable.
  • Attachments, especially in an email you weren't expecting, often contain malicious payloads, such as ransomware.
  • The greeting is generic. Check for inconsistencies with greetings from past correspondences. A service-oriented business like a bank will almost never greet you in a generic tone.
  • Poor design, glaring design flaws, poor grammar, misspellings, and unprofessional-sounding copy are signs of a spoofed website. Legitimate businesses spend a lot of money to get websites to look and sound professional.
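
The link checks from the list above (reveal a link's actual URL, then look for a trusted name used inside another host or a slight misspelling) can be automated for HTML email. This is an added example, not part of the original article; the allow-list, the domain names, and the flag names are constructed assumptions, and the last-two-labels domain rule is a simplification.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.example"}  # assumption: your own allow-list (constructed)
SAMPLE = (  # constructed email body, not taken from a real message
    '<a href="http://examplebank.customer-service.example/login">'
    'https://examplebank.example/login</a> '
    '<a href="https://examp1ebank.example/">Update now</a>'
)

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable(host):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_link(text, href, trusted=TRUSTED):
    host = (urlsplit(href).hostname or "").lower()
    domain = registrable(host)
    if domain in trusted:
        return []  # the link really goes to a trusted domain
    flags = []
    for good in sorted(trusted):
        if good.split(".")[0] in host:  # trusted name used inside another host
            flags.append("trusted-name-in-untrusted-host")
        elif SequenceMatcher(None, domain, good).ratio() >= 0.85:
            flags.append("lookalike-domain")  # slight misspelling
        if good in text.lower():  # what the reader sees vs. where it goes
            flags.append("text-href-mismatch")
    return flags

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href) for text, href in parser.links}
```

Calling `scan_email(SAMPLE)` returns a dictionary that maps each link target to its warning flags; an empty list means the link resolves to a domain on the allow-list.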

Phishing is just one of hackers’ methods of attack. Paired with malware, it could cripple a business. Excellent cybersecurity is a must-have immune system for your business against cybercriminal activity. Along with IT consulting, Netquest’s cybersecurity services can safeguard your business’s data and lines of communication against attacks, as well as train your employees on how to detect risks. Contact us today.
