Cybercrime & Survival Of The Fittest

There’s no rest for the wicked.

Cybercriminals wouldn’t be very successful if they kept using the exact same scams over and over. You’d probably start to notice a pattern if you got the same scammer phone call, or the same ransomware-attached email, or the same “security” pop-up in your web browser every day.

That’s why cybercriminals keep changing the way they execute these scams. The underlying strategy (trick an unsuspecting target into giving up information or downloading malware) may be the same, but they dress it up in different styles and use different gimmicks.

Just this year, a new variation of phishing was discovered, in which cybercriminals embed malware in emails and disguise it as a voicemail recording.

How does this keep happening?

Because very few targets bother to learn how these breaches happen and what they should be doing to prevent them. The fact is that cybercriminals can keep relying on the same old tactics to penetrate businesses’ systems because they keep working.

What Is Phishing?

At its most basic, phishing is an email scam. The cybercriminal drafts an email that appears to be from someone familiar to the target – a coworker, a manager, their bank, etc.

The email is written to be urgent so that the target acts quickly without giving it much thought. It’s also very vague, so that they can use the email on thousands of targets without having to change much about it.

What’s the end goal? The cybercriminal wants the target to click a link or download an attachment – either will infect their systems with malware. Less often, the cybercriminal may expect the target to divulge information, like a password or SSN.

Is Phishing Actually Dangerous?

The average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents is that you get desensitized to the whole thing.

Case in point: the Alive Hospice in Nashville has reported that an employee’s email account was accessed by an unauthorized party in May 2019. When the suspicious activity was noted, they launched an investigation, discovering that the hackers had access to the account for two days.

The fact is that businesses aren’t learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years.

What About Vishing?

“Vishing” is one of the latest variants of phishing being tracked by cybersecurity professionals. Instead of attaching malware to an email and disguising it as, say, a PDF, cybercriminals specifically disguise it as an audio file, and make it so the email appears to be from an automated voicemail service.

These legitimate services are more and more common in the business world today. When a user receives a voicemail, they also get an accompanying email with a recording of the message for them to review without having to access their voicemail inbox.

Regardless of how vishing works, it’s based on the same principle as all other types of phishing – it assumes the user will believe that the email is legitimate, and will download the attachment.

That’s why you and your staff need to know how to identify a phishing email before you make a critical error…

What Does A Phishing Email Look Like?

Make sure that you and your staff are on the lookout for suspicious emails, as they are likely part of a phishing scam – but how can you know for sure?

  1. Watch For Overly Generic Content And Greetings: Cybercriminals will send a large batch of emails. Look for examples like “Dear valued customer.”
  2. Examine The Entire From Email Address: The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain.
  3. Look For Urgency Or Demanding Actions: “You’ve won! Click here to redeem a prize,” or “We have your browser history pay now or we are telling your boss.”
  4. Carefully Check All Links: Mouse over the link and see if the link’s destination matches where the email implies you will be taken.
  5. Notice Misspellings, Incorrect Grammar, & Odd Phrasing: This might be a deliberate attempt to try and bypass spam filters.
  6. Don’t Click On Attachments Right Away: Virus-containing attachments might have an intriguing message encouraging you to open them, such as “Here is the Schedule I promised.”
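
As an added example (not part of the original article), the Python sketch below applies items 1, 2, 3, 4 and 6 of this checklist to a constructed voicemail-themed message of the kind described earlier. The trusted domain, the phrase lists, the finding names and the sample email are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "example.com"  # assumption: the domain your real mail comes from
GENERIC = ("dear valued customer", "dear customer", "dear user")  # item 1
URGENT = ("immediately", "pay now", "click here to redeem")       # item 3
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>([^<]+)</a>', re.I)  # simple anchors only
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+")

def host(url):
    return urlparse(url if "://" in url else "//" + url).hostname

def check(msg):
    """Return the sorted checklist findings for a parsed EmailMessage."""
    found = set()
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    # Item 2: sender domain is a near miss of the trusted one (letter off, digit swapped in)
    if domain != TRUSTED and SequenceMatcher(None, domain, TRUSTED).ratio() > 0.8:
        found.add("lookalike-sender")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Item 6: named like a voicemail recording, but the content is not audio
        if re.search(r"\.(wav|mp3)\b|voicemail", name) and part.get_content_maintype() != "audio":
            found.add("fake-audio-attachment")
        if part.get_content_maintype() != "text" or name:
            continue  # only message bodies are scanned for wording and links
        body = part.get_content().lower()
        found.update("generic-greeting" for g in GENERIC if g in body)
        found.update("urgency" for u in URGENT if u in body)
        for href, text in ANCHOR.findall(body):  # item 4: shown URL vs real destination
            if URLISH.match(text.strip()) and host(text.strip()) != host(href):
                found.add("link-mismatch")
    return sorted(found)

def sample():
    """Constructed voicemail-themed lure; every value in it is made up."""
    m = EmailMessage()
    m["From"] = "Voicemail Service <noreply@examp1e.com>"
    m.set_content('<p>Dear valued customer, listen immediately: '
                  '<a href="http://vm-login.test/x">https://voicemail.example.com</a></p>',
                  subtype="html")
    m.add_attachment(b"<html></html>", maintype="text", subtype="html",
                     filename="voicemail_0412.wav.html")
    return m

if __name__ == "__main__":
    print(check(sample()))
```

To run the same checks on a saved message, parse it with `email.message_from_bytes(data, policy=email.policy.default)` and pass the result to `check()`.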

What’s The Main Takeaway?

You need to understand that there is no perfect technological solution that will save you from phishing. It all comes down to you (and the other users at your business), and how capable you are at spotting a scam when it comes into your inbox.
