Phishing refers to a variety of scams that use online resources to target people and businesses. The goal is to trick online users into providing login information for their financial accounts or access to their employer’s network.
In either case, the results can devastate an individual’s finances or a company’s ability to protect its customers.
What Are the Types of Phishing Scams?
From text messages to creating full duplicate websites, there are several different ways phishing scams can target individuals.
They can target consumers who enjoy online commerce, or they can target employees who can give them access to a company’s online network. Here are a few specific examples of the types of scams your employees should be trained to spot:
Email scams have become extremely common, and many people know how to recognize them. Even so, they can be very convincing. The scammer will mimic a trustworthy sender, such as a banking institution, government agency, or widely known commercial business.
The email will alert the recipient to some problem with their account and urge them to click on a link to correct the problem. Alternatively, the sender might urge the recipient to download an attachment.
Either action will result in malicious software being downloaded onto the user’s computer, giving the scammer access to everything in the user’s network.
This type of scam is similar to an email scam, except that it targets a specific person within a business. It will target the individual by either their name or job title.
The goal is to get the individual to initiate a transaction that will give the scammer access to the network or other assets. For example, they might try to convince someone in your finance department to initiate a large wire transfer.
This type of scam is done via text messages, making it harder for people to identify it as a scam. Unless they have cybersecurity apps installed on their phones, your employees won’t have the technological help to weed out these scams. Usually, a text message or SMS scam will urge the user to access an account via a provided link.
Once the user follows the link, malware will be downloaded onto the user’s phone. Alternatively, the website to which the link leads them will be designed to collect their login information. This approach gives the scammer access to each victim’s protected data.
This type of scam involves the use of an automated call. If your employees receive automated calls that ask for personal information, urge them not to provide it. Once they enter their account number for their bank or their Social Security number, the scammer will have access to all of their relevant data.
Scammers can also clone legitimate emails that you may have already received from a business, bank, or government agency. The cloned email will ask the recipient to take the same actions as those requested in the original email.
Unfortunately, most users assume this is a glitch and will perform the requested action again. This action exposes their personal data and grants the scammer access to their information.
Malvertising and Search Scams
There are two types of phishing-related online marketing. The first is malvertising, which involves the use of digital ads to deliver consumers to a phishing site. If they don’t check to make sure they are on a legitimate eCommerce site, they may end up providing sensitive data to a scammer.
Search scams involve phishing sites that appear in the results of searches for legitimate websites. While Google and other search engines take steps to limit the number of scam sites that appear in results, they do pop up from time to time. Always check the URL for any website you plan to visit to limit your risk of falling for this scam.
How Remote Work Affects the Risks for Phishing Scams
The chance of falling prey to a phishing scam is 79% for remote workers. That is considerably higher than the risk for on-site office workers. There are several different reasons for this discrepancy, and understanding those reasons can help employers combat those risks.
The first factor to consider is that 39% of people are willing to click on suspicious links. They just don’t believe the number of scams is high enough to warrant more caution.
An office computer may have cybersecurity measures in place to prevent the computer from visiting a harmful site. However, an employee’s personal computer likely won’t have those same safeguards.
A second factor is that personal computers in the home don’t have the same network protection. Your employees aren’t likely to use VPNs (virtual private networks) and other security features to protect their online activity. As a result, hackers and scammers have easier access to that computer and all of the data contained within it.
Who Do Phishing Scams Target?
There are scammers targeting people from all walks of life. Anyone with an internet connection is at risk of a phishing scam.
While some cybercriminals will target individual internet users, others target businesses and employees with the access that the scammers need. For that reason, it’s important to help your employees stay safe online in their professional and personal internet use.
How to Help Your Employees Protect Themselves and Your Business
Primarily, your employees should be trained to identify phishing scams on sight. This requirement means teaching them to watch out for obvious misspellings, false or public domain email addresses, and messages that instill fear if action isn’t taken. Here are a few more tips for phishing safety:
- Don’t click on unfamiliar links
- Install anti-phishing add-ons
- Ensure websites are secure by looking for an address that starts with “HTTPS”
- Change passwords every three months
- Never click on pop-up ads
- Keep your cybersecurity suite updated
It’s also a good idea to keep track of the sites that have required your personal or financial information.
Avoid giving personal information unless it’s absolutely necessary. If a field on a form doesn’t require the information, don’t provide it. These steps will help you and your employees stay safer in a world where online transactions have become necessary.
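The warning signs named above (a brand name sent from a public-domain address, a misspelled sender domain, fear-inducing wording, and a link that leads somewhere other than the brand's own site) can also be checked mechanically. The following is an added example, not code from this article's author; the brand map, public-mail list, phrase list and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values: brand map, public-mail list and phrases are illustrative; SAMPLE is constructed.
KNOWN_BRANDS = {"examplebank": "examplebank.com"}
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def edit_distance(a, b):  # Levenshtein distance, catches misspelled domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def belongs_to(host, real):
    return host == real or host.endswith("." + real)

def lookalike(host):
    """Return the real domain that host imitates by 1-2 character edits, else None."""
    return next((r for r in KNOWN_BRANDS.values()
                 if not belongs_to(host, r) and edit_distance(host, r) <= 2), None)

def triage(raw):
    msg = message_from_string(raw)  # single-part, plain-text messages only
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = str(msg.get_payload())
    claimed = [d for b, d in KNOWN_BRANDS.items() if b in name.lower().replace(" ", "")]
    found = []
    if claimed and domain in PUBLIC_MAIL:
        found.append(f"brand name sent from public mail domain {domain}")
    if lookalike(domain):
        found.append(f"sender domain {domain} imitates {lookalike(domain)}")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("urgency or threat wording")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if lookalike(host) or (claimed and not any(belongs_to(host, d) for d in claimed)):
            found.append(f"link host {host} is outside the claimed brand's domain")
    return found

SAMPLE = ("From: Example Bank Support <alerts@examp1ebank.com>\n"
          "Subject: Urgent: account suspended\n\n"
          "Verify at http://examplebank.com.login-check.example/verify\n")
```

Calling `triage(SAMPLE)` returns three findings: the one-character misspelling in the sender domain, the urgency wording, and a link whose host only begins with the bank's name.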
Call ITSG Today for Better Cybersecurity Tomorrow
ITSG provides the IT support services and cybersecurity resources you need to protect your business. When you contact us, you can trust that we will analyze your company’s security footing and offer the upgrades you need for the best protection.