So, what is phishing? Here’s the definition: phishing is the act of defrauding someone online by posing as a legitimate company or person. Even more simply put, phishing occurs when cyber criminals pretend to be someone or something they’re not to steal from you or your company.
The most common form of phishing occurs when hackers “spoof” email addresses, making a fraudulent address look just like one from yourcompany.com. Sometimes, phishers will use links to illicit websites, real-looking attachments, invoices, or delivery notifications to either spread ransomware or convince you to hand over secure account details, financial information, or confirmation of a wire transfer.
Consider these statistics from Symantec that show a marked growth in phishing attempts:
- Spam emails increased by 53% in 2016
- In 2016, one in every 131 emails contained malware
- Fake invoice messages were the #1 type of phishing lure
- More than 400 businesses are targeted by scams every day
- One in every 3000 phishing emails is directed at small to medium-sized businesses (company size ranging from 1-250 employees)
- The word “request” was the most popular keyword in the subject line of phishing emails
- 79% of organizations reported being the victim of a phishing attack in 2016
- The construction industry saw one of the highest spam rates at 59%
- 90% of companies admitted that one or more employees have fallen for a phishing attack
Phishing emails often pose as someone you trust, for example:
- Your IT guy asking you to log in to a system or website
- Your manager asking you to “open the attached document”
- Your CEO asking you to initiate a wire transfer to one of your vendors
Let’s evaluate a sample email from Discover Card.
First, let’s look at the sender. Does the email look like it came from Discover Card (i.e. email@example.com)? Not from my viewpoint.
Next, look at the “To” field. This says “Recipients”. If Discover Card (or any other vendor) were to send an email, it would be addressed to you. “Recipients” indicates a large group of people. So, if my card has been suspended, don’t you think I would have received a personalized message?
Lastly, the link “Proceed Here” does not go where you think it would go. If you click the link, it will take you to a page that looks just like a Discover Card page. And if you enter your personal information, they’ve got you and all of your banking information. The link actually takes you to a site like this one:
So, here are a few important things to remember:
- Don’t share any personal information via email, especially passwords, financial details, phone numbers, etc.
- Don’t click on links to websites in email messages; enter the address manually instead.
- NEVER open any attachments you are not expecting. File type does not matter. If you get something, call and ask if they sent something to you.
- Watch out for misspellings and urgent requests. Poor grammar is a telltale sign of a phishing attempt.
- Do not execute wire transfers that are requested in an email.
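The three checks applied to the Discover Card sample above (sender, “To” field, real link destination) can also be run automatically. The following is an added example, not part of the original article: the message is constructed, every address in it is made up, and `discover.com` as the expected vendor domain is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email from the article); every address is made up.
SAMPLE = """\
From: Discover Card <alerts@discover-support.example.net>
To: Recipients
Subject: Urgent request: your card has been suspended
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.org/discover/verify">Proceed Here</a>
"""

class LinkHosts(HTMLParser):
    """Collect the real destination host of every <a href=...>, ignoring the link text."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain (not 'domain.evil.example')."""
    return host == domain or host.endswith("." + domain)

def check_email(raw, brand_domain, my_address):
    """Return a list of warnings; brand_domain is the domain you expect the vendor to use."""
    msg, findings = message_from_string(raw), []
    # Check 1: the sender's domain.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(sender_host, brand_domain):
        findings.append(f"sender domain {sender_host!r} is not {brand_domain}")
    # Check 2: is it addressed to you, or to a generic group such as "Recipients"?
    to_addrs = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to_addrs:
        findings.append(f"not addressed to you (To: {msg.get('To')})")
    # Check 3: where each link really goes.
    parser = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in parser.hosts:
        if not in_domain(host, brand_domain):
            findings.append(f"link goes to {host!r}, not {brand_domain}")
    return findings
```

Calling `check_email(SAMPLE, "discover.com", "me@example.com")` returns one warning per check. An empty result does not prove a message is genuine, because the From header itself can be spoofed.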
Elite Networking & Consulting offers its clients a cloud-based software product that provides a high-end security solution that stops infections from attacking your data. It includes an Anti-Ransomware module that stops this horrible infection from attacking your computer. This is the benefit of working with an IT Professional.
If you would like additional information on the Security Solution that is offered by Elite Networking & Consulting, please either call us at 855-767-9685, ext. 700 or send an email to firstname.lastname@example.org.