One constant threat when it comes to cybersecurity is phishing. Phishing emails come in a variety of different formats, all designed to trick the recipient into thinking they’re legitimate and clicking on a malicious link or downloading a file infected with a virus or malware.
Email is a popular channel for cybercriminals because it puts their message in front of someone who can mistakenly think it’s real, and when an authorized user downloads or opens a dangerous file, the malware can often get past basic security features. Having strong spam filtering and email security is important, because phishing attacks keep growing and becoming more sophisticated all the time. It’s estimated that 1 in every 99 emails is a phishing attack. Every employee receives an average of 4.8 phishing emails per week, and nearly 30% of them make it past default security. Phishing is the number one deployment method for malware and the main cause of data breaches, making it very costly to businesses. Phishing attacks cause business losses in a number of ways:
- Decreased productivity
- Loss of sensitive data
- Damage to reputation
- Monetary losses from a data breach
- Lost business
- Data privacy rule violation penalties (HIPAA, PCI, etc.)
To properly protect your business from a cyberattack, it’s important to ensure your cybersecurity plan is as strong as possible, and that includes ongoing employee awareness training on the new and emerging threats coming into their inboxes each day.
Watch Out for these Phishing Scams
As users have become wise to telltale signs of a phishing email, such as misspelled words and blurry images, hackers have upped their game to create phishing emails that are much harder to detect. For example, the email below is designed to look exactly like an AT&T email, using their logo, colors, and footer. The only visible sign that it’s a fake is the URL shown when hovering over the “right here” link. Knowing to be on the lookout for fake emails of a certain genre can help prevent users from falling prey to extremely sophisticated phishing attacks. Following are some of the attacks on the rise that users should watch out for in 2020.
SharePoint File Sharing Scam
One type of phishing attack that’s been exploding is designed to steal Office 365 login credentials. Once a hacker has the password to get into an account, they can send phishing and spam through your company email address, potentially gain access to more user accounts, and access files you have stored in the platform. One way they do this is through a fake SharePoint file sharing email. The recipient receives what looks like a normal request to share a SharePoint file. The link they see to click to share the file is a OneDrive link, which adds to the seeming legitimacy of the email request. But when the user clicks the link, it redirects them to a spoofed Office 365 login page that’s designed to steal their credentials as soon as they enter them.
PayPal Phishing Scam
Another emerging scam is created to steal a person’s PayPal details, thus giving the attacker access to the attached bank account or debit card through the PayPal system. The email is designed to look like a common warning that we see often from services these days, one that warns of a new login from an unknown device. Users who panic and click before thoroughly checking the email out are taken to a fake login page that’s set up to capture their PayPal login.
Coronavirus Email Scams
Unfortunately, hackers are quick to jump on any big news that they can use to their benefit, and one of the latest is the huge Coronavirus outbreak that has people on edge. The Coronavirus started in China and cases quickly spread throughout the globe, causing a panic and triggering phishing emails designed to prey on that fear. This scam involves an email that comes with a link or attachment claiming to contain information on how to protect yourself from the spread of the Coronavirus. The signature is often from Dr. (somebody), which is another ploy to gain the trust of the recipient. But it’s just another way to trick someone into downloading a computer virus or other type of malware.
Phishing from Legitimate Email Addresses
One of the things that hackers go after is a way into legitimate email accounts. This includes Office 365, Gmail, or any email of a legitimate provider, such as a website provider like Bluehost. One of the identifying factors that users are typically trained to look for when receiving an unexpected or suspicious email is the sender’s email address. If that email is coming from a legitimate email address, either of a co-worker or a service that your business uses, then the recipient is much more likely to trust it and take the action that the email requests. For example, in 2019, emails were received by Bluehost customers from an admin address matching the provider’s domain that warned that the customer was about to lose service if they didn’t log in to their hosting panel to take action.