Cyber Thieves Stepping Up Phishing Attacks
Based on the latest statistics, identity thieves and cyber-fraudsters are stopping at nothing in their pursuit of your sensitive information and your money. With so many more employees working from home due to the global pandemic, the opportunities for cyber criminals to take advantage of user error with successful malware or ransomware has also increased.1 26% of remote workers have personally experienced a cyber-attack based on Microsoft research.2 Not only are they becoming more prevalent, cyber-attacks are also taking on many more forms, with more than 197,000 variants swirling around in cyber space. Worse, cyber criminals are becoming far more effective, more sophisticated, and more nefarious. In 2019, the worst data breaches were: the Capital One Financial Corp. breach in July that exposed 100 million records and the October Adobe Creative Cloud breach that exposed 7million users.3 With that kind of take you can expect cyber thieves to become even more relentless in pursuit of your money.
Recognizing a Phishing Attack
Chances are you have been the target of a phishing scam. Most phishing emails show up in your inbox appearing as a somewhat legitimate message from a bank, a retailer, a service company, a government agency or even someone from within your business. It may have even included your name in the salutation. In the email you might’ve found an alert about an account that needs updating, a question about recent order you placed, a request to complete a survey or a warning about an account that is about to be closed – messages designed to get you to click on an embedded link.
Should you click on the link, you will be directed to a website that looks legitimate, but it’s not. If you enter your login credentials as you are asked to do, you will be giving the phisher all it needs to impersonate you on the actual website, where it will proceed to drain your account or spend your money. However, if you recognized the email as a phishing scam, you simply delete it and move on –until the next one hits your inbox.
More Businesses Paying Ransom for Data
A more insidious phishing scam includes an attachment, which will deploy an encrypted malware that proceeds to lock down your data if you open it. The malware will then display a message informing you that your data can be retrieved in exchange for a ransom. Ransomware is the fastest growing phishing scam, accounting for more than half of all attacks because it is often successful. It is by far the easiest of all cyber-attacks to monetize, providing a quick return on investment for the thief. Because the price point of the ransom is typically low, in the range of $500 to $1,000, the victims (which tend to be small to medium-sized businesses) pay quickly rather than expend the resources required to recover the data by other means.
Spear Phishing Harder to Detect
As evidence of the growing sophistication of cyber thieves, an increasing number of individuals and businesses are being targeted by spear phishing. Whereas traditional phishing targets a broad and random set of email accounts, spear phishing emails are designed to look as if they originate from someone you know and trust, such as a colleague or a superior. The subject line may include a reference to a particular project or relevant industry information. The attacker may have studied your Facebook, Twitter, or LinkedIn accounts to gather the intelligence used to impersonate a person of trust. As with an ordinary phisher email, it will include an attachment or link that when opened will unleash a malicious virus such as ransomware or an undetectable spybot that can drill into the backdoor of your network and siphon off sensitive data.
You are the First Line of Defense
Phishing emails are especially effective because, once they land in an inbox, their viruses can elude a network’s firewall protection or security system. The attacks reported by businesses today are not coming from penny-ante fraudsters operating out of their basements; rather they are devised and launched by major crime organizations, international in scope, with the resources to stay one step ahead of security systems. That means you and your employees will always be the first and last line of defense. It requires continuous vigilance by everyone operating a computer to prevent a phishing attack. Cyber thieves are getting smarter, but their phishing attacks can still be detected when you know what to look for:
False “From” Address: You may receive an email from a business that looks legitimate, but a closer look might reveal a misspelling or an extra dash or underscore. Often the lower capital letter “L” is replaced with the number “1”.
Generic Salutation: Emails that don’t include your name in the salutation are spam and should be deleted.
“Phishy” Salutation: If you see any other form of your name other than your proper first or last name in the salutation, delete the email. For example, if you see your email moniker (i.e., smjohnson) as the salutation, delete the email.
Urgent Call-To-Action: If the message includes an urgent call-to-action, such as “action required” or “your account will be closed,” give the email some extra scrutiny.
Request for Sensitive Information: Legitimate businesses never ask for sensitive information in an unsolicited email.
Fake Links: Links can be made to look like the real thing. Look to see if the company name is spelled correctly and is in the right location in the link. Also, look for the https:// in the URL address. If it doesn’t include the “s”, it is probably a fake.
There is no better defense against security attacks than becoming thoroughly educated about the risk and arming yourself, your family, and your employees with the knowledge to prevent them.
* C-J Advisory, Inc. is a registered investment adviser located in San Jose, CA. Registration of an investment adviser does not imply any level of skill or training and is not an endorsement of any regulatory agency.
**This content is developed from sources believed to be providing accurate information. The information provided is not written or intended as tax or legal advice and may not be relied on for purposes of avoiding any Federal tax penalties. Individuals are encouraged to seek advice from their own tax or legal counsel. This material was developed and produced by Advisor Websites to provide information on a topic that may be of interest. Copyright 2021 Advisor Websites.