Just like other cyber attacks, phishing scams are getting more sophisticated.
You can no longer watch only for misspellings or fraudulent emails claiming to come from your “IT Department.” Those are still things to be on the lookout for, but the attacks are becoming more and more difficult to detect.
CEOs and CFOs Targeted
In recent weeks, there have been two cases of phishing scams that were almost impossible to detect. Not only were they more difficult to spot, they were also aimed at more powerful people in businesses. The scammers took the time to research organizational structures so they would know not only who to contact but also who to impersonate. In the most recent cases, the cyber attackers used the internet to determine the organizational structures and who the CEOs or CFOs were. They then researched board members and other senior employees who would have interaction with the intended target. They went even further and found legitimate reasons for those board members or senior employees to request funds. They then sent the email to the intended victim and asked for money for a completely plausible need. The attacks were very well researched and thought out. There were no red flags in the emails, and it was essentially the perfect implementation.
Protecting Yourself Against Phishing Attacks
Even though the nature of phishing attacks is changing rapidly, you still need to watch for the most basic signs of one to better protect yourself. In addition to the rules that many people already know, there are new things to be aware of. These are just some of the things to look out for:
- Misspellings. If you see an email that has a lot of misspellings throughout the copy, then you should be on alert. It is likely a phishing scam. Keep in mind that one misspelling may not mean it is a phishing email, but it is still something you will want to examine further before you respond or click any links in the email.
- Requests for money. Even if it is not out of character for requests to come through your email at work, you should ensure they are legitimate before you send any money. Make sure the request comes through the normal protocol and do not make any exceptions. You may even want to call the person who sent you the request to ensure it came from them.
- Emails coming from strange email addresses. An email address that is not correct can be difficult to notice unless you are paying attention. If you get emails from strange email addresses that are similar to the authentic ones you are used to, delete the email immediately. This is likely a phishing scam that has been modeled to look as much like your normal emails as possible.
- Know that no one is completely safe. No matter how much security you may have within your company, there is always the risk of a cyber attack. Cyber criminals are getting much smarter in how they implement these scams and you should always be on high alert as a result.