This article has been revised December 30, 2018

A phishing scam can be performed via email, phone or website and is executed differently depending on the delivery method. In each case, cybercriminals are attempting to gain access to your personal information, data, passwords or your entire device. ScamWatch advises you to beware of emails, texts and phone calls claiming to be from companies asking you to update or verify your information. This includes social media sites, government branches and banks.

Email

According to Barkly, a security tech company, “Email attachments are the #1 delivery vehicle for malware.”

Phishing scams via email can contain incorrect spelling and grammar, and will offer everything from free software, software updates, warnings, payment demands, social media alerts, prizes and surveys with incentives to attachments of all sorts.

Email phishing scams will almost always contain a link. Once it is clicked, malicious software can be installed onto your device, leaving your files, passwords and other data completely exposed for the cybercriminal to steal. If this happens on a company device, the attacker can gain access to other machines and data, wreaking havoc on you and the company. The advice from security companies is to hover your mouse over the link, without clicking on it, to see if the address matches the claimed URL. Try it on the links below to see what a safe link looks like. If the address that pops up while hovering over the link is different from the one it claims to be, immediately disengage and mark the email as spam.

Phishing scams via email will sometimes contain threats, warning that a service or account will be shut off if you don’t respond to the email. If you ever question this warning, call the company the sender claims to be directly, using the number provided on a paper bill or found through a Google search, as sometimes the company’s website can be compromised. Never call the number they provide in the email. Cybercriminals have gotten especially skilled at creating graphics within the emails to make them look more legitimate. It is also important to know the main form of communication that the actual companies use to relay information. The IRS will never send you an email asking for payment, and security software companies won’t send you warnings about your service expiring.

Compliments of Microsoft, here’s an example of what a phishing scam might look like:

Phone

Never give out your credit card information, online account details or personal information to callers claiming to be from a bank or any other organization. According to ScamWatch, if you receive a phishing phone call, ask for their name and contact number, and perform a search of the company. The Federal Trade Commission (FTC) lists some warning signs to be aware of on the call:

  • You’ve been specially selected (could be for a special offer)
  • You’ll get a free bonus if you buy the product
  • You’ve won a prize
  • You’ve won a large amount of money (could be in the US or another country)
  • Investment opportunity that’s low risk and high reward (claiming you can’t get this anywhere else)
  • Forcing you to make your mind up right away
  • “You trust me, right?”
  • “You don’t need to check our company with anyone.”
  • “We’ll just put the shipping and handling charges on your credit card.”

The FTC encourages those who’ve experienced a scam to report it immediately by calling 1-877-FTC-HELP or visiting their secure site: https://www.ftccomplaintassistant.gov/#crnt&panel1-1.

Website

Cybercriminals can set up look-alike websites that very closely replicate the look of an actual company website, but by checking a few quick details you can avoid falling for the scam. Double-check the URL (the website address) to make sure that it looks as it normally does. If you notice anything extra or out of place, it’s best to play it safe and close out of that page. A secure website will always start with “https:” and NOT “http:”. The website might also ask for information that it doesn’t normally request. The following article was posted by Microsoft and elaborates on the warning signs of false websites, also known as cybersquatting: https://www.microsoft.com/en-us/safety/online-privacy/cybersquatting.aspx.

As a reminder, it doesn’t matter who the scammer is pretending to be: you should never give out your credit card or other personal information to those who contact you directly via email, phone or text, even if they claim to be from the government, a well-known or unknown business or a random family member.

Many businesses hire professional IT companies to perform safe and secure phishing campaigns within their company in order to see which employees are the most susceptible to these types of attacks and to educate those potential points of vulnerability. For more information on this, please contact us at (800) 748-6399 or via email at sales@ostari.com.

References:

https://www.barkly.com/how-to-recognize-and-prevent-phishing-attacks

https://www.microsoft.com/en-us/safety/online-privacy/cybersquatting.aspx

https://www.consumer.ftc.gov/articles/0076-phone-scams