While Hollywood blockbusters usually depict hackers as gritty loners and technological geniuses, the truth of the matter is that most hackers use techniques tried and true. One such tactic is the phishing scam. Introduced in the nascent day of the world wide web, phishing scams were developed to spoof emails and communications to make them appear as if they were coming from a legitimate source. Typically, these bogus messages contain malware programs, infected attachments and phony website redirects urging users to share their sign-in information with the cybercriminal.
The easiest advice we can give you to avoid a phishing scam is to simply avoid opening any email that just seems fishy - oh, if only it were so simple. If a hacker is successful in breaching your account with a phishing email, cybersecurity liability insurance from CyberPolicy can insulate your business against the costly damages.
Concerns about phishing scams flared recently as PayPal customers were targeted by an especially crafty hoax.
The Hacker's Tackle Box
PayPal is one of the largest and most used online payment systems in the world, so it only makes sense that hackers regularly attempt to spoof its communications. A recent scam sent fake emails to users making vague claims about \"some unusual activity\" to pressures consumers to clicking an embedded link.
From there, users were redirected to a phony PayPal page where they were notified that their account was on restriction and were urged to enter in personal information including full address, phone number, mother's maiden name, date of birth and social security number; pretty much everything you'd need to steal someone's identity.
What's even more frightening is PayPal never requests SSN information in the first place! So not only does this rip-off steal your PayPal login credentials, it also opens up the possibility for massive identity fraud!
Of course, the counterfeit wasn't without its red flags. Especially keen observers may have noticed several spelling and grammatical errors in the faux-PayPal notice. But it's more likely that people fell for it anyway.
According to Gizmodo, nearly a quarter of recipients will open a phishing email and 11 percent of users will open an attachment without having any clue what they are opening!
Gizmodo goes on to say that \"it takes an average of 82 seconds from the time a phishing campaign is launched, until the first sucker bites... The only solution seems to be education.\"
We couldn't agree more, which is why we pulled together a few tips for spotting a phishing scam before you get hooked:
"Urgent Action Required": Fear is a powerful motivator which clouds judgment and incites action; it's why so many hackers use it. People are more likely to make silly mistake if they believe their account is in trouble and in need of \"immediate action.\" Stop and think, would your online payment service or bank really freeze your account for not replying to an email? Don't be fooled by fear.
Unofficial Sender: Let's say you get a suspicious email in your inbox, what should you do? Almost all legitimate web services are wise to phishing scams, which is why each service will have an official email address for such occurrences (these can be found with a quick Google search). If the sender does not match the official address, report the incident.
Little Mistakes: As mentioned before, observant PayPal customers might have detected the fraudulent email if they noticed basic spelling and grammatical errors. Take a moment to check out the logo or letterhead for any abnormalities. Fraudsters often employ generic greetings like \"dear customer\" or "attention member." Pay attention to detail. It just might save your business.
Requests for Personal Information: A phishing scam will always ask for your information; that's what they're for, after all. Never share your password with a redirect link in an email. The same goes for your personal or business information.
Sadly, educating your employees isn't foolproof. Phishing tests show that workers will still fall for email scams directly following a training session, which is precisely why cybersecurity liability insurance is vital for the health of any organization.
Protect your organization with cybersecurity liability insurance from CyberPolicy today!