Phishing is a term that was adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.
How Does Phishing Work?
This is essentially how cyber phishing works: Cyberthieves create an interesting email. It might say that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey. Easy enough, right?
Once you click the link, guess what happens? Malicious software is downloaded onto your system. Sometimes it’s data-stealing malware, and sometimes it’s ransomware. Ransomware encrypts all your files and holds them until you pay the ransom. Even then, there’s no guarantee you’ll get your data restored. Other malware is all about stealing credentials, passwords, and other valuable information from your company. Sometimes it’s just about destroying your data.
Malware includes Trojans, worms, spyware, adware, and rootkits. These malicious programs each have different goals, but all are destructive and aimed at harming your computers.
As cyberthieves continue to steal from people all over the world, they create new ways to do this. After all, many people have become familiar with some phishing scams, so those scams may not work as well. The solution is to come up with new scams that are enticing: things that users may not have heard about before. The more convincing hackers can make their scams, the more successful they will be.
How Has Phishing Changed?
The entire landscape of cybercrime is changing. In the old days, it was mostly a teenager sitting in their parents’ basement, trying to find clever ways to pass the time. Unfortunately, this crime has become so successful that the governments of countries are now involved. A vast majority of ransomware scandals originate in Russia, and China is at the top of the list for information theft and cyber-espionage. These governments employ thousands of hackers. And these aren’t kids in a basement; they are formally educated software developers and programmers who have been specifically trained in high-level hacking techniques. They have teams of IT experts who work around the clock to constantly create new and more effective hacking scams.
When hackers are backed by a government like China, they have practically unlimited resources. This makes them even harder to stop. If they were merely individuals committing crimes for personal gain, the authorities could track them down and put them in jail. But today’s cybercriminals are well-organized agencies that are part of a large foreign government, so stopping them is almost impossible.
What Are Some Of The New Types Of Phishing Scams?
Below, we discuss some of the most notorious cybercrimes and some new ones that are making the rounds:
Sextortion: Have you ever sent nude pics to someone? Even if you haven’t, a hacker will sometimes claim that they’ve got pictures from your webcam or they’ve buried pornography on your computer that they plan to expose to the authorities if you don’t pay them. In fact, more often than not, they don’t really have any pictures. But they use your fear of the possibility against you. And if you own a business, then this can be a crime that pays well for thieves. They send the business owner a little sample of the erotic photos, then demand money or else they’ll publish them on the Internet. The problem with this crime is that there’s no guarantee they ever had anything. You may pay the criminals and still not be sure.
Gift Cards: This scam is highly successful because typically the thieves don’t ask for very much money. Many victims will go ahead and pay even if they suspect that it’s a trick, just because there are only a few hundred dollars at stake. And these threats may not just come from an e-mail. You may get a phone call from someone saying they’re from a creditor or the IRS. They will speak in hostile, threatening tones. They’ll claim that if you don’t pay up immediately, terrible things will happen—maybe your car will be repossessed. Next, they instruct you to go to a local store like Walmart and buy gift cards in the amount you owe. Once you buy them, you call the thief back and give them the numbers found on the back of the cards. Once they have these, they can use them online to make purchases. Don’t fall for it!
Phishing/Ransomware: Phishing crimes have become so successful that now there are variants like spear-phishing, vishing, and smishing. These are all forms of the same ruse. A hacker will send you a very convincing email. It may say something like, “Congratulations! You’ve just won $100 from Amazon. Click on the link below to claim your prize.” or “UPS Delivery Notification – Click on the link to track your package.”
You click on the link and guess what? A malware or ransomware virus is downloaded onto your computer. If you’re a business owner, this virus can spread quickly to other computers. In many cases, all your computers are locked and your data encrypted, and then you’ll get an ugly message saying that if you want your files restored, you must pay a ransom. Sometimes business owners follow the instructions on the screen and they get their files back, but many times they do not, or they are extorted for more money. There’s no guarantee. Ransoms are always demanded using cryptocurrency because this form of payment is untraceable and you can’t “call it back.”
Wire Fraud Scam: Hackers are targeting the human resource functions of businesses of all types with phishing. They’re convincing employees to swap out direct deposit banking information to offshore accounts. A nonprofit in Kansas City (KVC Health Systems) said that there were numerous attempts each month involving scammers who were trying to convince their payroll personnel to change information about where to send employee pay. The IRS recently released a warning about an uptick in a wide range of fraud attempts involving payroll information. ALWAYS be suspicious if anyone asks you to wire money to them, or “update” banking information. Follow up with the legitimate source via a direct phone call to verify.
What Can We Do To Stop Phishing For Our Business In SE Texas?
You may have spent years trying to build and grow your company. You have a huge amount of time and money invested, and yet one cyber attack could bring your company to its knees, or worse.
The first thing you need is knowledge. Knowledge is still power in our world. You need to know how cyber attacks occur. What are the latest phishing scams? How does ransomware work?
You also need to train your employees so they’ll know as well. Just one careless employee can open the door to thieves and cost you thousands of dollars. It’s much less costly to train your employees about cybersecurity threats than to deal with an actual cyber attack. Make sure your employees get regular training to remind them how to recognize a phishing email or malicious website. And make sure your cybersecurity training vendor performs routine simulated phishing tests on your users, so you can identify and address those employees who are prone to these attacks. Remember, all it takes is ONE of them to click on a malicious e-mail!
Unfortunately, cybercriminals will never go away. In fact, with state actors involved in the “game” now, the only thing you can count on is that it’s going to get worse. Cybercriminals have been too successful, and there’s almost no chance of getting caught. Your only defense is to focus on protecting yourself and your data with the best security systems and protocols.
And we know how daunting all of this can be, so if you’re not absolutely sure whether your cybersecurity posture is strong enough, hire a managed IT cybersecurity provider. They can perform penetration testing to assess your level of security and can give you recommendations on how to remediate your vulnerabilities and stay more secure.
A great managed IT service provider in Nederland, Texas can do a full assessment of your entire cybersecurity posture, and let you know where you need additional protection. When you have the best cybersecurity platform and policies in place, your business will be safer, and you will sleep better at night.