Phishing is a term that was adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it, and we sit back and wait for the fish to come along and take the bait. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite, and you’ll have something delicious for dinner.
This is essentially how cyber phishing works: Cyberthieves create an interesting email. It might say that you’ve won a $100 gift certificate from Amazon. Sound too good to be true? Find out! All you have to do is click the link and take a short survey. Easy enough, right?
Once you click the link, guess what happens? A virus is downloaded onto your system. Sometimes it’s malware, and sometimes it’s ransomware. Ransomware encrypts all your files until you pay the ransom. Even then, there’s no guarantee you’ll get your data restored. Malware is all about stealing credentials, passwords, and other valuable information from your company. Sometimes it’s just about destroying your data.
Malware includes Trojans, worms, spyware, adware, and rootkits. These malicious programs each have different goals, but all are destructive and aimed at harming your computers.
As cyber thieves continue to steal from people all over the world, they create new ways to do this. After all, many people have become familiar with some phishing scams, so those scams may not work as well. The thieves’ solution is to come up with new scams that are enticing and that users may not have heard about before. The more convincing hackers can make their scams, the more successful they will be.
The entire landscape of cybercrime is changing. It used to be mostly young guys sitting in their parents’ basement, trying to find clever ways to pass the time. Unfortunately, this crime has become so successful that the governments of countries are now involved.
A vast majority of ransomware scandals originate in Russia. The government employs hundreds of hackers. They have teams of IT experts who work around the clock to create new and more effective hacking scams.
When hackers are backed by a government like China’s, they have practically unlimited resources. This makes them even harder to stop. If they were merely individuals committing crimes for personal gain, the authorities could track them down and put them in jail. But today’s cybercriminals are well-organized agencies that are part of a large foreign government, so stopping them is almost impossible.
Below, we discuss some of the most notorious cybercrimes and some new ones that are making the rounds:
Sextortion: Have you ever sent nude pics to someone? Even if you haven’t, scammers sometimes claim that they’ve got some from your webcam or that they’ve buried pornography on your computer, which they plan to expose to the authorities if you don’t pay them.
If you own a business, then this can be a crime that pays well for thieves. They send the business owner a little sample of the erotic photos, then demand money or else they’ll publish them on the Internet. The problem with this crime is that there’s no guarantee you’ll get all copies of the photos back. You may pay the criminals and still not be sure.
Gift Cards: This scam is highly successful because typically the thieves don’t ask for very much money. Many victims will go ahead and pay even if they suspect that it’s a trick, just because there are only a few hundred dollars at stake.
You may get a phone call from someone saying they’re from a creditor or the IRS. They will speak in hostile, threatening tones. They’ll claim that if you don’t pay up immediately, terrible things will happen; maybe your car will be repossessed.
Next, they instruct you to go to a local store like Walmart and buy gift cards in the amount you owe. Once you buy them, you call the thief back and give them the numbers found on the back of the cards. Once they have these, they can use them online to make purchases.
Phishing/Ransomware: Phishing crimes have become so successful that now there are variants like spear-phishing, vishing, and smishing. These are all forms of the same ruse. A hacker will send you a very convincing email. It may say something like, “Congratulations! You’ve just won $100 from Amazon. Click on the link below to claim your prize.”
You click on the link and guess what? A malware or ransomware virus is downloaded onto your computer. If you’re a business owner, this virus can spread quickly to other computers.
In many cases, all your computers are locked, and you’ll get an ugly message saying that if you want your files restored, you must pay a ransom. Sometimes business owners follow the instructions on the screen and get their files back, but sometimes they do not. There’s no guarantee. Ransoms are always demanded using cryptocurrency because this form of payment is untraceable.
Wire Fraud Scam: Hackers are targeting the human resources functions of businesses of all types with phishing. They’re convincing employees to change direct deposit banking information so that pay is sent to offshore accounts.
A nonprofit in Kansas City (KVC Health Systems) said that there were numerous attempts each month involving scammers who were trying to convince their payroll personnel to change information about where to send employee pay. The IRS recently released a warning about an uptick in a wide range of fraud attempts involving payroll information.
You may have spent years trying to build up your company. You have a huge amount of time and money invested, and yet one cyber attack could bring your company to its knees.
The first thing you need is knowledge. Knowledge is still power in our world. You need to know how cyber attacks occur. What are the latest phishing scams? How does ransomware work?
You also need to train your employees so they’ll know as well. Just one careless employee can open the door to thieves and cost you thousands of dollars. It’s cheaper to train your employees. Make sure your employees get regular training to remind them how to recognize a phishing email or malicious website.
Unfortunately, cybercrimes like phishing won’t stop anytime soon. They’ve been too successful, and there’s almost no chance of getting caught. What you have to do is protect your business and your data with a multi-layered cyber defense set up by your IT services company and Security Awareness Training for your employees.
If you’re not sure whether your cybersecurity program is strong enough, hire an IT support company. They can perform penetration testing to assess your level of security.
A great IT services company will do a full assessment of all your security protocols and let you know whether you need to add layers of protection. When you have the best cybersecurity platform in place, and you educate your employees, you can protect your business from phishing.