It is no surprise that phishing attacks are on the rise as our lives are becoming increasingly digitized. In 2020, the FBI found that phishing was the most common type of cybercrime, doubling in number from 2019. It is increasingly important to consider the security of our online spaces and consider if we are engaging in proper cybersecurity practices. Cybercriminals are quick to adapt once they realize their ploys are no longer working and as a result cybercrimes are quick to morph and shift depending on the current climate. This post will go over some of the most recent forms of phishing attacks to watch out for alongside more tips on how to keep yourself safe!
By now, you are probably already aware of phishing, an online scam where cybercriminals impersonate legitimate organizations in an attempt to gain access to your personal information. Phishing can take many different forms including spear-phishing, whaling, and more! However, the most common types of phishing schemes occur via SMS or email. Oftentimes what happens is phishing messages contain a link to an external ‘company website’ where you are asked to fill out your information. However, these websites are fakes and the information ends up in the hands of cybercriminals. These cybercriminals will then either use the information to impersonate the victim and conduct fraudulent activity (i.e., apply for credit cards, loans, etc) or sell it to other cybercriminals on the Dark Web.
A group of hackers have recently been targeting Youtube creators by falsely offering them business collaboration opportunities. These cybercriminals use fake business emails to contact different creators before hijacking their channels. These channels are then either sold to the highest bidder or used to broadcast giveaway scams. Forged emails are becoming increasingly sophisticated and this group of hackers was using a variety of platforms including WhatsApp, Telegram and Discord to spread their emails. Although Google has taken actions to block these accounts and users, it is still important for YouTube users to remain diligent and aware of these risks.
Check Point recently released a phishing report containing data from earlier this year, they reported that Microsoft was the brand that was the most commonly imitated by attackers in phishing campaigns. Many of these fake emails include branding of the Microsoft logo in order to appear legitimate. Oftentimes cybercriminals will imitate either a fake SharePoint email, Office 365, or a voicemail notification. It is always important to double check the legitimacy and look over any suspicious emails, especially if they contain prompts for you to click on an external link.
Amazon was also listed as the second most imitated brand in the same Check Point report. Many of the same tactics deployed in Microsoft schemes also apply to Amazon ones. Cybercriminals will either ask for personal details either asking users to confirm their order or posing as the delivery team.
There are some things that you can spot within an email that should raise a red flag. Incorrect or slightly different emails are one of the biggest warning signs. These cybercriminals often exploit a sense of urgency and rely on the fact that you will overlook the small mistakes in the email address in your haste. Furthermore, the message of the email will often urge the user to break company policy or norms (such as asking for the employee to fast-track payments) - this should raise another red flag. Again, here the cybercriminals are trying to play to your emotions and require you to perform an “urgent” task. Finally, another trait to look out for is odd wording or terminology. Pay attention to the messages and tones and see if it actually lines up with previous messages or emails that you have received from the user.
With next-level email security you won't have to worry about detecting phishing scams yourself. We monitor all incoming emails for potentially malicious links and attachments. If we find anything even remotely suspicious, you'll be the first to know.
Some of the incoming malicious emails will be blocked completely, while others will show up still in your inbox with a notification stating that there may be malicious phishing content within the message.
We also provide monthly reporting which will allow our clients to see exactly how many incoming phishing emails they were able to divert.
Find out more here or at www.cyberunit.com