Phishers are Getting Better But You Can Avoid Becoming Their Next Victim
Cybercriminals are continually changing methods and tactics to fool their victims. Thankfully, there are tried and proven ways to recognize their attacks.
Phishing has grown by well over 60% in the last year alone. What is more, cybercriminals that conduct these attacks are becoming far more organized and efficient than they were in the past. Staying abreast of new phishing tactics and the best ways to combat them can help a business avoid the pain, hassle and expense that a data breach will bring on.
Voicemail Attachments
Phishing attacks typically make use of email attachments to hide malware that is installed on a computer when one clicks a button. However, a new twist on this old technique is using voicemail attachments for the same purpose.
Cybercriminals know that many businesses use group communications cloud products to make it easy for employees working in the same department or branch office to communicate with each other easily. It’s not uncommon for those in a communication group at work to receive voicemail attachments and many unsuspecting employees or even business owners won’t think twice about opening a voicemail attachment that looks like it comes from the group communications cloud product.
Thankfully, there are several ways to tell if a voicemail attachment is genuine or not:
- Log on to the platform to view the message there.
- Check the message for spelling and grammatical errors. These may include extra spaces, letters in the wrong case, and/or misspelled words
- Make sure the message is addressed to you. Phishers tend to use general phrases such as “valued customer” so they can send the same standard email to multiple individuals.
HTTPS Encryption
Most people know that HTTPS is the secure version of HTTP. IT experts have warned for many years that one way to know if a site is legitimate or not is to check that it uses HTTPS rather than HTTP. Unfortunately, cybercriminals are now using HTTPS sites to make their phishing scams appear legitimate. In fact, the use of HTTPS encryption in phishing sites has increased by a whopping 900% since 2016.
How can a small business owner avoid being fooled by a bogus HTTPS website? Here are some tried and proven tips:
- Never click an email attachment even if it looks like it’s from a legitimate source such as your bank. If the attachment comes from a third-party website that requires you to sign in, open a new browser tab, go to the website and sign in directly from there.
- Hover your mouse over the link to view the name of the website the attachment comes from. Don’t just look to see if it has HTTPS encryption; check the name of the site to make sure it’s identical to the purported sender. Phishers can’t use the exact same domain name, so they have to omit a letter, add a letter, use a different domain name ending or find some other way to make it look like the attachment came from a legitimate source.
Other Phishing Attacks to Watch Out For
While cybercriminals are certainly evolving, they haven’t stopped using their tried and proven phishing tactics. Social media phishing, mobile phishing, phishing via the use of ordinary email attachments and Vishing still fool people who aren’t familiar with cyberattacks and how they work. Not all employees are technologically savvy and even those who are may slip up if they’re distracted or in a hurry.
Thankfully, even small businesses can now avail themselves of top-tier IT security by partnering with an IT service provider such as OnServe. OnServe works with a wide range of industries throughout Canada to provide invaluable IT security services such as IT security training for employees, mobile device security, security assessments, and Security as a Service package. The company also offers other managed IT services to boost business efficiency and profits. Get in touch to learn more or to schedule an appointment with an IT expert who specializes in serving your industry.