4 Common Phishing Scams
Phishing has been around for decades and has given hackers plenty of time to refine their methods. Here are 4 common phishing scams that your business should be aware of.
1. Email Phishing
Email phishing is when a malicious individual sends out spoofed emails meant to deceive the recipient. This is one of the oldest types of phishing scams, and while it doesn’t work too often, it’s easy to do and can be sent out to many people in a short amount of time. For example, if a hacker sends out a spoofed email to a few dozen employees at a company, only one needs to fall for it to make it worth their time.
Most email services feature smart spam detection that will filter out phishing messages, but you should also educate your employees about email phishing just to be safe.
Pharming is a type of cyber attack that redirects a user from a secure website to a different fake site. In order to understand how this works, you need to know about the Domain Name System (DNS). When you type the name of a website into your address bar, the name is translated into an IP address by the DNS. This information is then cached on your local machine.
If a hacker gains access to your local DNS file, they can easily change the IP addresses associated with domain names. This causes you to be redirected to an unsafe website even when you type the name correctly.
The best way to protect against this form of phishing is by maintaining proper security on your machines. That means regular security updates and antivirus software on every device that connects to your network. You should also make sure your employees know not to enter information into any website that doesn’t have the proper security certificates.
3. Spear Phishing
Not all phishing scams are impersonal. Some hackers go through great efforts to personalize their scams. They may appear completely legitimate and include information like your name, work position, phone number, and other personal information. Information like this is surprisingly easy to find yet most of us assume that if someone knows it then they must either know us personally or be a trusted authority figure.
The best way to protect against this type of scam is to ensure that your employees know not to provide any sensitive company information via email or over social media.
4. Phone Phishing
These days it’s easy to make a call appear as if it’s coming from somewhere else. This has encouraged hackers to send out mass calls to anyone and everyone in an attempt to steal information. These calls could appear to be coming from your bank, the government, a trusted friend, or even from inside your company. Most of the time there isn’t even a real person on the other end, it’s just a robocall asking you to input sensitive information.
Phone phishing is extremely easy to set up, and like email phishing, it only has to work on a handful of people to really pay off. Make sure employees know that they should never give out any kind of personal information over the phone. You should also have protocols in place surrounding customer information as well. Phishers will often call businesses asking for a password or other sensitive information while claiming to be a customer.
These are 4 of the most common phishing scams but they aren’t the only ones your business could face. For more information on the best practices in electronic data protection don’t hesitate to contact us at AccuShred today.