With more and more employees working from home during the COVID-19 pandemic, email phishing scams are constantly appearing, trying to lure unsuspecting recipients into giving away valuable company information and hard-earned money. The distractions that come with working from home have made companies more vulnerable than ever.
Every day millions of phishing emails are sent and received all over the world; in the cybersecurity landscape, humans remain the weakest link. Here is how to spot the telltale signs of phishing scams and phishing emails.
According to Accenture's 2019 Cyber Security report, cybercrime cost affected US companies an average of about $13m annually, and this number is increasing year over year.
To help educate email users just like you, we'll break down some of the most common ways that phishing scams and emails are structured.
A wolf in sheep's clothing.
One of the most common phishing scams is when an email user receives a malicious email that appears to be from a friend or colleague. One telltale sign that something might be awry is if the note seems out of place or out of character for the sender. For instance, an email sent from a personal email address when only business correspondence had been shared previously. Another easy spot is if the originating email address seems to be a jumble of characters and numbers not readily associated with the sender. Often phishing scams that are personally targeted have an odd cadence, or request funds or other information in a way that is out of character for your friend or colleague.
What the boss wants, the boss gets.
C-Suite or CEO impersonation is becoming a fan favorite for hackers. Many of the phishing emails we see are structured to make the recipient believe that they are communicating with a member of senior management. Oftentimes, these phishing attacks request that a subordinate assist in securing gift cards, iTunes cards or the equivalent. Scenarios are often painted where the CEO is unable to chat on the phone and, for the moment, has access to their personal device but not their regular email. The phishing scam often involves a back and forth to build trust with the intended victim.
Another variant of the CEO impersonation scam is requesting funding for imaginary projects, or payments to vendors. This type of phishing scam typically targets lower-level employees in the financial or accounting departments and pressures them into transferring funds in a rapid and usually confidential manner.
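The signs described in the two sections above (a familiar name on an unfamiliar address, a jumbled sender address, gift card or payment requests, and pressure to act quickly or confidentially) can be checked mechanically. The sketch below is an added example, not INKY's code; the sender directory, the `example.com` addresses, the keyword lists and the thresholds are all assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: display name -> address that person normally uses.
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}
PAYMENT_ASK = re.compile(r"gift cards?|itunes|wire transfer|transfer (?:the )?funds", re.I)
PRESSURE = re.compile(r"urgent|right away|confidential|can'?t (?:talk|chat)", re.I)

def looks_jumbled(local_part):
    """Heuristic: mailbox name is mostly digits or has almost no vowels."""
    if len(local_part) < 8:
        return False
    letters = [c for c in local_part.lower() if c.isalpha()]
    digit_ratio = sum(c.isdigit() for c in local_part) / len(local_part)
    vowel_ratio = sum(c in "aeiou" for c in letters) / max(len(letters), 1)
    return digit_ratio > 0.3 or vowel_ratio < 0.2

def phishing_signals(raw_message):
    """Return the warning signs found in one plain-text message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    signals = []
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr != expected:
        signals.append("known-name-unfamiliar-address")
    if looks_jumbled(addr.partition("@")[0]):
        signals.append("jumbled-sender-address")
    if PAYMENT_ASK.search(body):
        signals.append("payment-or-gift-card-request")
    if PRESSURE.search(body):
        signals.append("urgency-or-secrecy")
    return signals

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: Jane Doe <xk7q29vt81@mail.example.net>
Subject: Quick favor

I'm in a meeting and can't talk. Please buy 5 iTunes gift cards
right away and keep this confidential.
"""
ROUTINE = """From: Jane Doe <jane.doe@example.com>
Subject: Agenda

Attached is the agenda for Thursday.
"""
```

Calling `phishing_signals(SUSPICIOUS)` returns all four signals, while `phishing_signals(ROUTINE)` returns an empty list; keyword heuristics like these produce false positives and are best used to prompt a second look rather than to block mail outright.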
I read the news today, Oh boy.
Social media has transformed the way businesses communicate; it has also provided a window into corporations that are ripe for cyber-criminals. Today with the use of networking sites like LinkedIn, it is incredibly easy to build a profile of a company through its employees. Titles, roles, even reporting structures are freely available. Hackers know where their marks went to school, where they worked before, and even people they know. Many spear phishing scams involve targeting specific individuals within a corporation by exploiting their corporate hierarchy. In our top 5 phishing scams blog, we counted almost $250m worth of misappropriated funds which came from a combination of social engineering and CEO impersonation. Press releases, new product launches, financial results all provide ample opportunity for the birth of a new phishing scam.
Benefits or Bust
When you sign up for a 401k or Health Benefits, you end up parting company with your name, social security number, home address, and many other important personal pieces of information. The surrender of one's information goes part and parcel with the process, and so when we receive an email asking us to update our personal information or renew our benefits, we often click through without thinking. However, phishing scams in which the hacker is posing as your benefits provider are becoming more common. Phishing scammers are becoming highly adept at creating convincing clones of legitimate corporate emails. Once personal data is compromised, recovering one's identity can be extremely difficult.
Pass the Word On
How do you get someone's password? You ask for it. Office 365 phishing scams and other password reset emails are becoming extremely common. This type of phishing attack is straightforward to execute, and many phishing redirect websites come replete with real (though misused) SSL certs and faked graphics and iconography. Amazingly, we often see fake O365 emails that are so convincing they are passed as safe through other email security filtering programs.
INKY's Phish Fence takes all of the flavors of Phish and renders them harmless. With Phish Fence installed, users don't have to worry about being successfully phished. Instead, all emails are evaluated in milliseconds. Dangerous emails are either filtered off to quarantine or given a red banner, which INKY customers know as an email fraud alert. INKY's banner system also serves as a form of in-line training for impacted associates, informing them of the details behind that particular phishing scam. Further, should a yellow banner email be received, users can also self-report that a phishing email is suspected.
INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition.