Phishing doesn’t look so phishy anymore

The days of thinking that you were going to live happily ever after, in a castle dripping with gold, in an exotic land, with a Royal Prince … just after you wire him $200 … are gone. 

As technology has advanced and become more integrated into our everyday lives, so have cyber criminals and their schemes.

Around 95% of all cyberattacks on businesses stem from human error. With the most common error being, you guessed it, falling for a phishing scheme. Phishing accounts as the source for 91% of attacks leading to costly data breaches, by why?

The answer is they are simply hard to detect.

In recent years, it has been common to see phishing emails that appear to be coming from delivery services. They might want you to “track your package” or “confirm your order by clicking here and entering your card number.”

In the business world, you may even find seemingly legitimate emails coming from your CEO, until you take a closer look to find minor misspellings in the sender’s email address. And unfortunately, these schemes continue to evolve.

As of January of 2022, the most common phishing scheme used to steal data from businesses are emails that appear to be sent by company vendors. Think of all of the businesses that YOUR business works closely with to keep things running.

Imagine – the company that you purchase supplies from sends your billing department an email that states they have updated their billing portal and need you to update your card information before your next billing cycle. How likely is your team to click that link and enter whatever data is requested? My guess is that it’s very likely they would do it without hesitation, and before you can even process what has happened, THOUSANDS have been stolen from your business.

So what can you do?

Be vigilant. And Train.

Continuously train your team to detect and report anything that seems off. Train them to confirm with a known account representative before updating any information requests that you didn’t expect to receive. Have a leadership team that OVER-emphasizes the importation of having a good cyber hygiene.

Common Features of Phishing Emails

Too Good To Be True – Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. 
Sense of Urgency – A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. 
Hyperlinks – A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance www.bankofarnerica.com – the ‘m’ is actually an ‘r’ and an ‘n’, so look carefully.
Attachments – If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
Unusual Sender – Whether it looks like it’s from someone you don’t know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general, don’t click on it!

And to NEVER forget #TheThreatsAreReal.

Learn more about how we can help your business and employees stay free from phishing hooks.