If You Suspect Deceit, Hit Delete. Phishing Attacks Explained
As our forms of communication have evolved, so have the creative maneuvers of cybercriminals who seek to obtain our private data. If you use a computer or mobile device, by now you’ve likely heard of phishing and have probably even received a questionable email, text message, or phone call. Phishing attacks are no longer just poorly written emails; they now come in many forms. Bad actors have fine-tuned and expanded their trickery to make themselves appear reputable in an attempt to gather private consumer and business information.
Phishing is a cybercrime that leverages deceptive emails, websites, text messages, and other means of communication to steal confidential personal and corporate information.
Victims of phishing attempts are tricked into giving up private data such as credit card accounts, phone numbers, mailing addresses, company information, and more.
These bad actors then use the information to steal the victim’s identity and commit further crimes with the stolen data. Phishing tactics are often successful because criminals carefully hide behind emails, websites, and company names that appear familiar to the intended victim.
How has Phishing Evolved?
In recent decades the number of computers and mobile devices has multiplied greatly, making these scams incredibly lucrative. Phishing attempts are the first step to more invasive and damaging attacks. The operations are low-cost, can be conducted on a massive scale, and, when successful, can be extremely profitable.
Cybercriminals need little to no computer or software skill or knowledge to conduct these attempts: a phishing email can be drafted and sent out to countless intended victims, all within a few short hours.
The Many Faces of Phishing
Phishing attempts are often disguised as coming from known companies or personally known individuals and may cause irreparable damage to consumers and corporations. Emails and text messages (the latter known as smishing) are disguised as coming from familiar entities and attempt to lure the recipient into clicking a link to update delivery addresses, payment methods, or other account information.
Link manipulation is often successful because cybercriminals send out what appear to be legitimate messages in the hope that recipients will believe the communication is from a trusted source and click on an enclosed link. Once the receiver clicks on the malicious link, the sender can then collect confidential data that gives access to personal and corporate account information, which is used to extort the victim financially or just to wreak havoc.
Cybercriminals use these schemes to harvest consumer and corporate data such as payment and account numbers, driver’s license numbers and passport details, emails, mailing addresses, and phone numbers. The information they look for can belong to the individual or organization itself, or to its employees, contractors, and other contacts.
Targeting companies can be especially worthwhile since businesses usually store a large amount of private data. According to Fundera, small businesses are often specifically targeted: approximately 43% of cyberattacks are launched against smaller companies. This targeting is a result of the limited resources and cybersecurity expertise available to defend against cybercriminals; 3 out of 4 small businesses do not have a dedicated IT team or personnel.
Although the threat of phishing cannot be fully eliminated, there are precautions that can be taken to minimize the risk. Experts recommend using available security features such as firewalls and threat detection, email and website scans, backing up digital records, unique passwords, and multi-factor authentication for accounts. One of the biggest threats comes from the human element, so cybersecurity awareness training is strongly encouraged to educate end users on cybersecurity and best practices.
What to Do if you are Compromised
If you are the victim of a phishing attack, report it at www.ic3.gov. This way law enforcement can establish trends and aggregate attacks to justify taking down these criminals. With advances in GAN AI, even the AI defenses will have a hard time distinguishing between friend and foe. If something seems a little off, pause before you click. 1 out of every 30 emails (on average) is a phishing attempt. As the FBI says about these phishing attacks, if it seems too good to be true, it likely is.
If you don’t currently have a committed IT service provider, we strongly encourage you to find one that suits your business needs. Not sure where to start? Our DTC IT Experts would be more than happy to help answer any questions you may have about your business or practice IT infrastructure! Feel free to call us at 410-877-3625 or send us an email at [email protected].
Contributed by DTC staff