When it comes to emails — if it sounds too good to be true, it probably is.
That’s because many cybercriminals use emails to entice victims into parting with personal data or other sensitive information, like credit card numbers, in a hacking technique known as phishing.
Typically, these scams involve lucrative offers, deals of a time-sensitive nature, misspelled hyperlinks, bogus attachments that contain ransomware or other malware, and emails from suspicious or unknown senders.
While the rule of the day is to avoid clicking on any email, link, or attachment that seems in any way out of the ordinary or unexpected, cybercriminals have generated a host of new methods to capture your valuable data.
Go Phishing — 10 Clever (New) Ways Cyber Criminals Get You on the Hook
Evolving technology has provided even more opportunities for cybercriminals to worm their way into your inbox with ever more sophisticated techniques.
Here are a few of the newest tactics to be aware of:
1. Smishing
These text messages seem to come from reputable sources, but they contain malicious links or attempt to get users to provide sensitive information. Always check out unfamiliar numbers or research companies mentioned in unusual SMS messages.
2. Vishing
Using a voice over internet protocol (VoIP), phishers seek to impersonate credible organizations through a phone call, asking for credit card details, passwords, or other sensitive data. Recognize that legitimate organizations don’t ask for this information over the phone.
3. Pharming
In this scam, the cybercriminal alters an IP address to direct it to a malicious website that impersonates a credible one. They then harvest your login details to get access to accounts and private data.
4. Prize Scams
These “fee-for-prize” scams notify the intended victim that they’ve won a prize and must pay a small processing fee or delivery charge to take delivery of the prize.
5. Content Injection
Phishers will change a part of a reputable website’s page content to redirect visitors to a malicious site where they’ll be asked to enter personal information.
6. Low Cost Services or Products
As we mentioned earlier, if it looks too good to be true, it probably is. Phishers design malicious sites that appear to offer products or services at an unbelievably low cost. The user is directed to enter credit card details or provide personal information to “qualify” for the deal.
7. Loyalty Points Scams
There is a disturbing lack of security with most merchant loyalty programs that allows phishers to gain access through a phishing attack. Once access is gained, the account can be drained and personal details such as credit card numbers can be retrieved.
8. Whaling
A whaling attack targets a high-profile employee of an organization to get a hold of sensitive data about clients or other employees. Not only can this cause financial loss, but it can undermine the targeted organization’s reputation.
9. SaaS Phishing
This technique, in which cybercriminals steal login information for SaaS sites, accounted for 36% of all phishing attacks in just one quarter of the year, making it a high-profile threat.
10. Money Mule Scams
Using social media, cybercriminals promise the targeted individuals money if they allow access to their bank accounts for the purpose of passing through, or laundering, money.
Since cybercriminals show no sign of easing up on their hard-hitting tactics to get access to your personal or company data, you need to make IT security a priority and take measures to protect yourself — and your organization — from attack.
Cyber Safety — How to Be the One that Got Away
Besides the common-sense rule of not clicking on any link, email, or attachment that seems unusual, unexpected, or suspicious, there are a few best practices to protect yourself from phishing attacks.
First and foremost, update your software and hardware with all IT security patches as soon as they are released. A protected infrastructure is your first line of defense against cybercriminals. Along these lines, if you have employees, make sure they are trained on proper cybersecurity measures and understand the company rules regarding sensitive data.
Next, require two-step login authentication on social media and other accounts where it is available to foil brute force hackers.
You can also join Web of Trust, a browser add-on that helps filter malicious websites and links for all devices, mobile and desktop.
If you want to ensure your printers, copiers, faxes, and scanners are as safe as possible from malicious access, contact a PointManagement MPS consultant today.