Cybercriminals are getting sneakier and savvier, making their tactics and tricks that much harder to recognize and avoid.
When it comes to email phishing scams, the conversation hasn’t changed much over the years – mostly because the scams themselves have stayed pretty consistent. That’s still the case, for the most part. Cybercriminals are still looking to trick unsuspecting targets into giving them sensitive information that they can use to turn a profit.
One of the most common phishing scams involves spoofing a recognizable institution, like a bank or government agency, or a company like Amazon or PayPal. The goal is to fool you into sharing account or credit card information or to convince you to open and download an infected file or click on a malicious link.
There was a time, not that long ago, when these spoofed emails were easy for a keen observer to spot. The messages either contained spelling and grammatical errors that gave them away, displayed company logos that were the wrong size or color, or contained embedded links that were blatantly not what they pretended to be. Anyone with a decent grasp of good cybersecurity practices would be able to avoid playing into a hacker’s hands.
But as businesses and individuals alike learn more about how these scams operate, and companies continue to invest in more advanced security measures and spam filters, cybercriminals are working hard to stay a step ahead. The shoddy Photoshop jobs, Google-translated text, sloppy hyperlinks, and misspelled email domains are beginning to be replaced by the kinds of forgeries that even trained professionals can miss.
I know this from first-hand experience. Just the other day I found an email from Canada Post in my Junk Mail folder when I got to the office that morning. Thinking it might be something important that got caught up in my spam filter, I opened the email. At first, everything about it looked legitimate.
The company logo was the right size and color. The message – informing me that I’d missed a delivery attempt – was well-crafted, and the provided link didn’t seem overly suspicious. It passed a cursory inspection. However, after a closer look, I realized that the actual .zip folder I was meant to download displayed a Russian connection – meaning it absolutely was not sent by Canada Post.
Had I not been as cautious as experience has taught me to be, I could have been in for a very, very long morning.
Seeing phishing attempts like this makes me nervous. If these messages are becoming sophisticated enough to almost fool someone who deals with cybersecurity for a living, it makes the job of protecting the businesses GAM Tech serves that much more of a challenge.
The fact that this particular message landed in my Junk Mail means that a high-end spam filter is still capable of detecting and blocking these malicious emails – which is only good news if your business has invested in advanced cybersecurity measures, and those measures are constantly kept up to date with the latest patches and virus definitions. Even then, there is a chance that something might still slip through.
This is where awareness and training become hugely important. Knowing how to spot the tiny details that separate a legitimate email message from a clever fake can make a huge difference, especially with threats like ransomware still heavily targeting businesses of all sizes. One wrong click can spell disaster for your business.
The key is to provide your staff with ongoing cybersecurity training, keeping everyone with access to your technology infrastructure current on new threats and tactics. It’s that ability to catch little inconsistencies – or at least, the awareness that one needs to slow down and look for potential red flags – that will keep your business safe when you find yourself the target of a phishing scam.
A basic antivirus and spam filter simply are not enough to keep your business safe these days. The threat landscape is constantly evolving, presenting new challenges for cybersecurity measures to contend with. The more sophisticated threats become, the more advanced your cyber defenses need to be in order to keep up. And again, these defenses alone might not always be enough.
The number one reason phishing scams are still as prevalent as they are is that they work. These scams rely on the unknowing cooperation of someone inside your business in order for scammers to achieve their goals. It’s their ability to fool their targets that makes them such a dangerous threat, and it’s only by being fully aware of that threat that your business can avoid becoming yet another cybercrime statistic.
Want to learn more about the steps you can take to protect your business against threats like phishing scams? Contact the cybersecurity experts at GAM Tech today.
Published By: Adrian Ghira on February 06th, 2018