adNET Academy Blog

The Many Ways Scammers Like to Go Phish

Written by Ryan Howarter | Feb 9, 2021 12:00:00 PM

Most would probably say that they would NEVER fall victim to a scam, especially when reading over something as obvious as an email full of weird characters and broken grammar, or the classic Nigerian prince emails, but modern phishing scams can actually be quite effective. A well-executed phishing attack uses deceptively simple methods to confuse people into revealing sensitive information.

Are you and your associates adequately equipped to safeguard your business from common phishing methods? Cybersecurity awareness is an important part of any business, and IT management systems and processes go a long way in increasing business safety.

Hiding in plain sight

Despite the simple caricatures of cyber-scams that you and many of your colleagues have likely been exposed to by the media, modern phishing is a largely hard-to-detect crime, which requires a keen eye to perceive, and an even keener set of preventive methods to eradicate within your company’s walls. 

That’s where cybersecurity becomes paramount to success and managed IT services become the closest ally to your operations. Train your employees to be able to detect the most common types of scams:

    • Email Phishing
    • Spear Phishing
    • Whaling 
    • Malware Attacks  
    • Smishing/Vishing

These phishing attacks are possible cybersecurity nightmares, responsible for the biggest scam-related net losses a company can face, and are handled best by educated users who have been trained by an effective IT managed service provider.

Email Phishing

Typically understood to be the most widespread form of scamming, email phishing acts as the catch-all method and provides a foundation for other attacks as well. These weaponized emails constitute an overwhelming majority of scams that can easily trip up the outermost defenses of a business - vulnerable employees!

The most common recent version involves spoofing a commonly used brand and asking the recipient to log in to the website. It may appear as if you are at the Office 365 portal, while a check of the URL reveals you're actually connected to www2.micros0ftofficesite.cn. You put in your credentials and... nothing happens; it's not a real site. Your input has been dumped to a database to be sold and exploited.
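As an added example (not part of the original post), here is one way a mail filter or web proxy could automate the URL check described above. The trusted-domain list, the brand keywords and the function name are assumptions for illustration; it also covers the related tricks of putting the brand in a subdomain and of punycode names.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in domains this organization expects to see.
TRUSTED_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}
# Assumption: brand keywords worth flagging when seen on an untrusted host.
BRANDS = ("microsoft", "office")
# Digits and symbols commonly swapped in for look-alike letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "@": "a"})


def classify_login_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sign-in link."""
    # Accept bare hostnames as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    try:
        # Convert international names to punycode so xn-- labels become visible.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "lookalike"  # malformed name: send for review
    # Trusted only if the host IS a trusted domain or a subdomain of one.
    # A trusted name appearing elsewhere in the host does not count.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Undo character swaps and hyphen padding, then look for the brand.
    folded = host.translate(LOOKALIKES).replace("-", "")
    if "xn--" in host or any(brand in folded for brand in BRANDS):
        return "lookalike"  # brand name on a host we do not trust
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the first is the host named in the post.
    for link in (
        "www2.micros0ftofficesite.cn",
        "https://login.microsoftonline.com/common/",
        "https://office.com.example.net/login",
        "https://example.org/",
    ):
        print(f"{classify_login_url(link):10} {link}")
```

A "lookalike" verdict means the link needs review, not that it is proven malicious: a legitimate host that happens to contain a brand keyword is flagged too.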

Spear Phishing

This method takes regular phishing to the next level. While phishing is casting a wide net, spear phishing entails obtaining extensive information about an employee and then using it to appear trustworthy in order to lower a user's defenses and increase the odds of obtaining sensitive information.

These scammers are often capable of appearing like a person or organization of authority, perhaps a higher-up at the company that you report to. Net losses can be massive, making training and processes a priority. For instance, if your company regularly transfers money to other parties, you may want to implement a process that involves multiple members of the finance department signing off on wire transfers instead of a single person being allowed to initiate transactions on their own. 

Whaling

Whaling is heading out into the deep waters for the really big fish - owners, executives, managers - by presenting as other businesses or perhaps the government. Users targeted by this method may be asked for certain information that they would be required to give to an institution such as the IRS or regulatory agencies.

While training is oftentimes initiated by the "higher-ups" in order to protect the business by making sure employees are on the lookout for possible scams, owners and the like should make sure to participate in the training process themselves. This can provide a unified front for the entire organization, help avoid business owners’ plausible misconceptions or assumptions, and leave less room for such pointed attacks.

Malware Attacks

Less social, and relying more on overt hacking, malware attacks create a cybersecurity threat that is often difficult to clean up and causes internal issues that are better prevented than taken care of after the fact.

Managed IT services and cybersecurity truly come into play in the event of malware penetration, and because the attack relies only on the click of a link or reply to a text, the training involved against this method pays massive dividends that outweigh its cost each time an attack is prevented.

Smishing/Vishing

Smishing (SMS phishing) is similar to the more traditional email phishing, but has the more immediate effect of reaching your or your associates' defenses through text messaging, creating a call-to-action style scenario that ups the ante and encourages a response.

A malware attack is almost always included in smishing, and cybersecurity planning and expertise can bring down the success rate of these attacks.

Vishing (voice phishing) is a form of social engineering that relies on calling a potential victim. Scammers may spoof phone numbers to appear as if the call is coming from a known entity and may escalate the scenario, perhaps asking to connect via screen sharing software to confirm some information. And of course, the user will be urged to expose their credentials, leading to a security breach.

Precaution is Paramount!

A strong foundation of cybersecurity awareness within a business is a must-have for any company, fledgling or well-established. As threats become more sophisticated, so too should an organization's security methods and training to remain ready to face these challenges.