5 Things To Know About Phishing
The more you know about phishing, the better you can spot phishing attacks and not become a victim.
Phishing is a form of fraud in which cybercriminals try to scam people into providing sensitive information (e.g., login credentials, account information) or performing an action (e.g., clicking a link, opening an email attachment) in order to steal money, data, or a person’s identity. The five items below can assist in protecting you:
1. Phishing Is Not Just About Emails
Most often, cybercriminals use emails and websites in their phishing attacks. Sometimes they even use both channels in the same scam. For example, they try to get people to click a link in a phishing email, which sends the victims to a phishing site. Similarly, cybercriminals might try to get people to click a link in a text message, which leads to a phishing site. Phishing calls are also becoming common and increasing rapidly.
2. Hackers Like To Reel In Certain Types Of Victims
While phishing attacks were initially targeted at consumers, cybercriminals quickly discovered that businesses are also lucrative targets. In 2018 alone, an estimated 83% of businesses experienced phishing attacks with small and midsized companies being most often targeted. These companies are sought out, as they often do not have the expertise or resources to properly secure their businesses against phishing scams and other types of attacks. Cybercriminals most often target executives, administrative assistants, HR staff and sales team members.
3. Phishing Sites Can Be HTTPS Pages
Cybercriminals are increasingly using HTTPS sites for phishing. Hackers are counting on people being lulled into a false sense of security when they see the “https” designation and the accompanying padlock icon in their web browser’s address bar. When some people see these two elements, they assume that a site is safe. However, the “https” designation simply indicates that any data sent between the browser and the website is encrypted. It does not signify that the website is legitimate or free from malware. Experts estimate that more than half of phishing sites are HTTPS sites. The situation is getting so serious that the FBI issued a public service announcement in 2019 warning people about this.
4. Cybercriminals Don’t Take Holidays Off
Hackers go phishing 365 days a year, which means people should not let their guard down, even on holidays. Often Cybercriminals ramp up their efforts and customize their programs for seasonal events such as Boxing Day, tax season and Cyber Monday. Cybercriminals also often prey on people’s compassion, by pretending to be collecting donations for disaster victims or charities.
5. Phishers Are Skilled Impersonators
Cybercriminals commonly impersonate legitimate contacts and companies to carry out their phishing scams. When targeting a business, cybercriminals often pretend to be someone within the company, or a client, supplier, or organization that does business with the company. Hackers often masquerade as representatives from popular companies such as: Microsoft, PayPal, Netflix, Banks, UPS, Rogers, Apple.
A Serious Threat
We can help protect your business by devising a comprehensive strategy to deal with the above types of phishing attacks.
We can help get you started with IT planning items to consider and how IT Services can assist.