Phishing is one of the most dangerous cybersecurity threats because it’s the delivery system for multiple attack types, including ransomware, spyware, viruses, trojans, and more.
88% of organizations around the world reported experiencing spear phishing attempts in 2019. In the U.S. alone, over half (65%) of organizations were compromised in some way due to a phishing attack.
Whether you’re checking your personal or business email, there’s a good chance that you see phishing emails regularly, but you may not spot them all because they’ve become increasingly sophisticated.
Phishing emails often look identical to emails from major brands like Amazon or UPS. So it’s important to always be on high alert, know what scams may be coming, and take proper precautions like proactive support, including antivirus, spam protection, and web filtering to block malicious sites.
What types of scams will be heating up this fall? We’ll go through the most popular phishing scams to watch out for and tips on how to avoid falling victim.
Be On Alert for These Phishing Attacks
Gift Card Scams
Gift card scams are a targeted phishing attack that heats up over the holidays when businesses may be purchasing gift cards for employees, vendors, or customers as year-end appreciation gifts.
In this type of scam, the attacker has usually done their homework on a site like LinkedIn to find the name of a higher-ranking employee, like a VP or manager.
An employee will receive an email purporting to be from the manager or executive asking them to urgently purchase gift cards that the sender “forgot” to have them get earlier. There is a promise of reimbursement later and commonly a note that “I’ll be unreachable for a few hours but need these urgently.”
The poor employee buys the gift cards, emails the codes per instructions and is scammed out of the money, because the scammer cashes in the cards immediately.
Fake Order & Shipping Notices
While these scams can come any time of year, they crank up in volume during the holiday season when everyone is shopping online.
It’s easy to miss the one fake receipt in the middle of several legitimate ones, especially when scammers spoof company email templates.
These scams will usually have a link to track or check your order. The link leads to a malicious site that either presents a fake sign-in form designed to steal login credentials or downloads malware onto your device.
Coronavirus Information Scams
It’s been the year of the coronavirus phishing scam. Phishing emails skyrocketed 667% earlier this year due to COVID-related phishing attacks.
These types of scams are still very much around and they’ll use a number of different tactics. Here are some of the most popular:
- Promise of a COVID outbreak map in your area
- Fake infectious disease policy you’re asked to review
- Links to sites promising fake coronavirus cures
- Phishing emails to college students purporting to be COVID information from their school
- Spoofed emails from the CDC and WHO with “COVID-19 guidelines”
Links to Legitimate Cloud Services
One newer scam that phishing attackers have been using is to leverage a legitimate service like OneDrive or Google Drive to mask a malicious link.
One scam is designed to look like a colleague is sharing a Microsoft Office file and gives a link to a OneDrive location. The recipient generally will trust this type of link, but once they click it, the link takes them to a file with malicious code that redirects them to a drive-by download site.
Best Ways to Avoid Falling Victim to Phishing
Staying safe from phishing at home or work involves both being cyber aware and putting safeguards in place in the form of software protections.
It’s important to always be on the alert that any email in your inbox could be a scam. You should be suspicious of emails by default instead of trusting them until you see a reason not to.
Ways to spot phishing in your inbox:
- Look for anything off, even the slightest misspelling
- Hover over links without clicking to see the real URL
- View the message source code in your email program to see the true sender
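The last two checks in this list can be scripted. The Python below is an added example, not part of the original article: it reads a raw message, compares the From domain with the Reply-To and Return-Path domains, and compares each link's visible text with the host it really points to. The sample message, its `.example` domains and all function names are constructed for illustration; a mismatch is a signal to review, since legitimate bulk mail often uses a different Return-Path domain.

```python
import email, email.policy, email.utils, re
from html.parser import HTMLParser
# Constructed sample (not a real email); every domain is a placeholder.
SAMPLE = '''From: "Example Shop" <orders@shop.example>
Reply-To: billing@shop-support.example
Return-Path: <bounce@mailer.example>
Content-Type: text/html; charset="utf-8"

<p><a href="http://tracking.example.net/login">https://www.shop.example/orders</a></p>
'''
# Optional scheme and userinfo, then a dotted host name (captured), then the rest.
HOST = re.compile(r"(?:https?://)?(?:[^/@\s]*@)?([\w-]+(?:\.[\w-]+)+)(?:[/:?#]\S*)?", re.I)

def host_of(text):  # host named by a URL or URL-looking link text, '' if none
    match = HOST.fullmatch(text.strip())
    return match.group(1).lower() if match else ""
def domain_of(header):  # domain of an address header value, '' if absent
    return email.utils.parseaddr(header or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def inspect_message(raw):  # returns review signals as a list of strings
    msg = email.message_from_string(raw, policy=email.policy.default)
    sender, findings = domain_of(msg["From"]), []
    for name in ("Reply-To", "Return-Path"):
        other = domain_of(msg[name])
        if other and other != sender:
            findings.append(f"{name} domain {other} differs from From domain {sender}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:
            findings.append(f"link shows {shown} but goes to {real}")
    return findings
```

Links whose visible text is not a URL (for example "Track your order") are skipped by the link check, so hovering over them is still needed.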
Phishing has become so sophisticated that it’s much harder to spot than it was a decade ago. That’s why it’s important to also put software safeguards in place.
These include things like:
- Web filtering
- Email filtering
- Antivirus and anti-malware applications
- Firewall protection
- Anti-phishing software
Businesses, especially, should have proactive monitoring of their network and devices to identify any suspicious activity.
Managed IT services from Two River Computer for both business and residential clients also include vital update and patch management to ensure your system isn’t left vulnerable.
Keep Your Network Secure from Phishing Attacks
The experts at Two River Computer can ensure your New Jersey home or office network is completely secure, monitored, and protected from dangerous phishing attacks.
Contact us today to learn more. Call 732-747-0020 or reach us online.