Phishing scams are designed by criminals to imitate a reputable person or organisation in order to coax their victims into sharing confidential or sensitive information. Phishing scams have been around since at least the mid-1990s, and as new technology has become available, so have more sophisticated techniques and tactics, making these attacks harder to detect and increasing the threat they pose to businesses every day.
Fortunately, you can take steps to reduce the risk phishing poses to your business, and one of the best ways to do this is to keep up to date with the different tactics phishing criminals use and how to recognise them. Most people have heard of standard phishing attacks, usually sent by email and riddled with spelling and grammar mistakes, but have you heard of these five other phishing scams?
1. Search Engine Phishing
This type of attack is especially hard to detect because it is not a scam where the criminals reach out to you. Instead, they create fraudulent sites, often using search engines’ paid ads to place them prominently on the results page, and then wait for you to come to them. The best way to avoid this type of scam is to be wary of links to websites with offers that seem too good to be true, such as discounts, freebies and low-interest loans.
2. Pharming
Pharming happens when code delivered by a malicious email changes the hosts file on a computer, or when the attacker compromises the domain name system (DNS poisoning). Either way, browsers redirect users to fraudulent websites even if they type in the correct URL or use a previously saved bookmark. This is also very hard to detect, as the fraudulent websites imitate the legitimate ones. You can help protect your business by keeping an up-to-date cyber security system in place, always using a secure connection (the site address starts with “https” rather than “http”) and setting up two-factor authentication wherever possible.
3. Man-in-the-Middle Phishing
This attack often occurs through a fake WiFi network set up in a public place, where unsuspecting victims are likely to connect to it. Once they are connected, the attacker can spy on the user’s interactions with another party online, such as a bank’s website. This allows the attacker to gather valuable and confidential information or to manipulate the communication to trick the user into installing malware on their device. To prevent these attacks, avoid using public WiFi networks and websites with insecure connections.
4. BEC (Business Email Compromise)
This is a phishing scam you don’t want to fall for, as it can be one of the costliest attacks a business can face. It usually arrives as an email that appears to have been sent by another employee in the same company but is really a cyber criminal imitating them. The email carries a strong sense of urgency, asking the victim to send a large sum of money or buy gift cards ASAP. The sender may also say how busy they are or that they are in a meeting, which makes the victim feel guilty about delaying or bothering them over the transaction. However, it is always better to wait if necessary and double-check with the person the email claims to be from, either in person or over the phone, to confirm the request is real.
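As an added example (not part of the original article), the Python below turns the BEC traits described above into heuristic checks on a raw email: a colleague’s display name sitting over a different mailbox, an external or lookalike sender domain, a Reply-To that diverts replies elsewhere, and urgency plus payment language in the body. The company domain, staff directory and both sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                        # assumed internal domain
EMPLOYEES = {"Jane Doe": "jane.doe@example.com"}      # assumed staff directory
# Phrases the article associates with BEC: urgency, being unreachable, payment.
PRESSURE = re.compile(
    r"\b(urgent|asap|immediately|in a meeting|wire|transfer|gift cards?)\b", re.I)

def bec_findings(raw_email):
    """Return the list of BEC indicators present in one raw RFC 822 message."""
    msg = message_from_string(raw_email)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Display name of a known colleague, but a different mailbox behind it.
    if name in EMPLOYEES and addr.lower() != EMPLOYEES[name].lower():
        findings.append("display-name-mismatch")
    if domain and domain != COMPANY_DOMAIN:
        findings.append("external-sender")
        # Near-identical domain (e.g. a digit swapped for a letter) is a lookalike.
        if SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio() >= 0.8:
            findings.append("lookalike-domain")
    # Replies silently routed to a mailbox other than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        findings.append("reply-to-differs")
    # Two or more distinct pressure phrases: urgency combined with a payment ask.
    hits = {m.lower() for m in PRESSURE.findall(msg.get_payload())}
    if len(hits) >= 2:
        findings.append("urgency-and-payment-language")
    return findings

# Constructed sample messages (not real mail) for demonstration.
SUSPICIOUS_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.test
To: finance@example.com

I'm in a meeting all day, please buy gift cards ASAP and send me the codes.
"""
BENIGN_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>

Please find the quarterly report attached.
"""
```

Any non-empty result is a prompt to verify the request out of band, as the article advises, not a verdict on its own.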
5. Malvertising
The word ‘malvertising’ comes from ‘malicious advertising’ and describes a type of phishing attack that hides malicious code within ads on legitimate websites. The ad can install malware or redirect the user to a fraudulent website, sometimes a replica of the real site the ad was promoting, making it harder to tell that a phishing attack is taking place. To help protect against malvertising, we recommend removing vulnerable software such as Java and Flash, or disabling it when not in use, and installing an ad blocker in your browser.