Phishing Scams: What To Know

Phishing Scams: What To Know

Businesses of all sizes can be victimized by phishing attacks. That’s because no matter where you are, what you sell, or who your clients are, everyone holds some amount of valuable digital information. Bad actors are eager to get their hands on that data, and phishing is one tried-and-true way they can do this.

What is Phishing?

A play on the age-old pastime (and pronounced the same way, too) phishing uses the same tactics: lures, bait, and disguised identity. Cyber criminals could use seemingly legit email messages to get your employees to click on malicious links or attachments. Victims are then taken to a fake site where they can enter information and give these bad actors the keys to your data vault.

While it’s terribly sneaky of them, you’ve got to admit that it’s much simpler for cyber criminals to be invited inside than it is to scale digital walls and barriers. This is precisely why attackers so often use phishing scams, and why you need to be on the offensive.

A “successful” phishing attack can yield login credentials, account information, payment details, and plenty of other sensitive data that can put your company and clients in jeopardy.

Speak with one our team members

How to Spot a Phishing Attempt

At a quick glance, phishing communications can seem to be legitimate. But with just a bit of scrutiny, you can be more confident in your evaluation and avoid criminal attacks. Here’s what to look for:

Who is the sender:

• An email might appear to come from a known and trusted individual, organization, business, or even from within your own company
• Phishing emails can also come from first time or unrecognized senders
• Hover over the sender’s email address or press the icon to access more information and you’ll often find that the email address doesn’t match up with the supposed sender

What is the email requesting:

• Phishing emails generally include an urgent call to action, sometimes paired with threats
• You will be asked to provide personal information, such as an account login and payment details, or given a link to click to either resolve or dispute a situation the scammer alleges in their message (e.g. image copyright infringement, SEO errors, domain name expiration warning)

Pay attention to details:

• The email may be addressed to “client,” “customer,” or use an honorific like Sir or Madam instead of a personal name
• Misspellings and grammatical errors are typical–in general, the phrasing can feel “off”
• The message doesn’t line up with reality (ex: you haven’t tried to log in to an account 5 times)
• Embedded links, linked URLs, and email attachments are common
• Sender uses a public email address instead of a corporate email

All of these factors combine to create a situation that feels uneasy and can generate a false sense of urgency––that’s their goal. Cyber criminals are hoping that in the confusion, you share information you normally wouldn’t.

When it comes to phishing scams, prevention is the best medicine, and in this case education and awareness factor heavily if you’re trying to make your company phishing-resistant. Sharing expert tips and information on how to recognize and avoid phishing can go far to prepare your staff to view every email with a more critical eye. To that end, here’s a great video and article that we’ve vetted for you.

Types of Phishing Attacks

Email phishing attacks are probably the oldest and most common type of phishing you can expect to encounter. But there are other tactics to be aware of. Here are some of the most widespread types of phishing to know:

• Spear Phishing: A more targeted attack, typically of business executives and high-profile individuals
• Smishing: SMS text messages that include short links and could appear to be account notices, prize notifications, or political solicitations
• Search Engine Phishing: Fraudulent websites look legitimate and can show up in search results but enable criminals to steal personal and payment information
• Vishing: An unsolicited caller claims to be from tech support, a government agency, or another organization and tries to get the recipient to share personal information over the phone
• Pharming: Scammers redirect traffic from a legitimate website to their fake webpage in order to steal valuable information
• Clone Phishing: Criminals gain access to a victim’s email account and alter an existing email by adding a malicious link or attachment and then sending to the victim’s contact list
• Man-in-the-Middle Attack: An unauthorized third party monitors communications over an unsecured network and then attacks both parties with malware or a phishing attempt
• BEC (Business Email Compromise): Phony email from the victim’s own company requesting urgent financial help via money wiring or gift card purchase
• Malvertising: Bad actors use digital ad software to publish ads that appear to be normal but are infected with malicious code

What to Do if You Suspect Phishing

Oftentimes the platform your company uses to manage emails can help to flag suspicious messages. If so, heed those warnings. Be sure to pay flagged emails extra attention and to be diligent in how you follow up.

If you receive a phishing email:

• DON’T respond to it
• DON’T download attachments
• DON’T click on links or pop-up messages

• DO alert supervisors
• DO report and block the sender (if you conclude it’s a scam)
• DO delete the email

You can also contact the supposed person or organization to inquire about the email, so long as you do so directly, and outside of the message in question.

There is no single fool-proof method to prevent phishing attacks. By keeping on guard and taking the time to scrutinize any message that appears suspicious, you can ward off the majority of attempts that land in your inbox.

At Alt Media Studios we’re here for your success. So we’re happy to share what we’ve learned from experience in the hopes that it will help you too. Stay tuned and keep in touch for more practical, helpful tips from our team. We’re wishing you the best.