(Newswire.net — March 9, 2020) — According to new data released by the FBI, phishing scams — a long-time challenge for businesses and their cybersecurity teams — aren’t going anywhere.
In 2000, the FBI’s Internet Crime Complaint Center (IC3) was established to field and manage complaints concerning Internet-enabled crimes and scams. Last year, IC3 saw its highest number of security-related complaints to date, receiving a total of 467,361 complaints. According to the center, “The most frequently reported complaints were phishing and similar ploys, non-payment/non-delivery scams, and extortion.”
These scams — especially phishing — aren’t new. But according to IC3’s chief, new scams aren’t actually the problem. Rather, “criminals are getting so sophisticated,” says IC3’s chief, Donna Gregory. The FBI’s data suggests that hackers are simply “deploying new tactics and techniques to carry out existing scams.” Unfortunately, Gregory continues, “It is getting harder and harder for victims to spot the red flags and tell real from fake.”
We want to help you tell real from the fake when it comes to phishing scams.
Washington DC IT support professional Brian Loughlin with Intelice Solutions answers this important question, “First, what is phishing?”
What Is Phishing?
Phishing is a cyberattack method that uses electronic communications (most often email) to deceive victims and ultimately get them to give up sensitive information such as login credentials. With this information, hackers can further infiltrate an organization and steal, corrupt, share, or hold for ransom their data.
What Are the Most Common Signs of a Phishing Scam?
If you are concerned about phishing scams within your business (and you should be), be on the lookout for these common phishing red flags — most often seen in emails:
1. Impersonal greetings
Let’s say your name is John Smith. Look for emails that start with generic greetings like, “Hello John Smith” or “Hello Current Member.”
2. Questionable sender email addresses
At first glance, the address might look legitimate but take another look. Often, the sender has an email address that is close to authentic, but slightly off. For example, if your bank is called Green Grove Bank, the email might be from “info@greengrovbank” (missing an ‘e’) or “info@greengrovesbank” (additional ‘s’).
3. An urgent tone
Phishing emails want to scare the recipient. A so-called email from your bank may tell you that someone has compromised your checking account. A so-called email from your phone company may state that your phone number and address was found on the dark web. In both cases, the emails will tell you that if you don’t act now, terrible things could happen.
4. Funny-looking graphics or oddly-phrased text
It’s not uncommon for phishing emails to be sent from foreign countries where the hacker senders do not speak English as a native language. This may result in grammatical errors or odd phrasing.
5. Directions to take a specific, immediate action
Along with the immediacy of the email is often the direction to take a specific action. For example, the message might tell you to “go here,” (to a web address that is hyperlinked in the email), “download an attachment,” or click on an attached image or file. It’s important not to do this as these will inevitably be gateways to malware and malicious downloads.
What Should You Do if You Think You’ve Spotted a Phishing Scam?
If you notice any of the signs of a phishing scam listed above — or others — contact your cybersecurity specialist immediately. Well-trained and sophisticated IT service and cybersecurity professionals often have the ability to stop a breach of data right away and prevent the hacker or automated malware from doing extended damage.
Of course, mitigating widespread damage should be your goal after a scam has been spotted, but the ideal alternative is to prevent data breaches altogether. For this reason, it is critical to speak to a security professional or Managed IT services company with unique experience and skills in cybersecurity. The more security measures and training you have in place, the more likely you are to avoid a data breach and keep your business safe altogether.