Cyber Thieves Stepping up Phishing Attacks
Submitted by Durbin Bennett Tax Advisors on February 10th, 2017
Based on the latest statistics, identity thieves and cyber-fraudsters are stopping at nothing in their pursuit of your sensitive information and your money. According to the Anti-Phishing Working Group Inc., phishing attacks are increasing at an alarming rate, with as many as 6 million occurring in the first quarter of 2016. That is a 786 percent increase over the prior year. Not only are they becoming more prevalent, they are taking on many more forms, with more than 197,000 variants swirling around in cyberspace. Worse, they are becoming far more effective, more sophisticated and more nefarious. Consider that, in 2015, the FBI reported more than 7,000 successful scams involving nearly $750 million from U.S. businesses. With that kind of take, you can expect cyber thieves to become even more relentless in pursuit of your money.
Recognizing a Phishing Attack
Chances are you have been the target of a phishing scam. Most phishing emails show up in your inbox appearing as a somewhat legitimate message from a bank, a retailer, a service company, a government agency or even someone from within your business. It may even include your name in the salutation. In the email you might find an alert about an account that needs updating, a question about a recent order you placed, a request to complete a survey or a warning about an account that is about to be closed – messages designed to get you to click on an embedded link.
Should you click on the link, you will be directed to a website that looks legitimate, but it’s not. Should you enter your login credentials as you are asked to do, you will be giving the phisher all it needs to impersonate you on the actual website, where it will proceed to drain your account or spend your money. However, if you recognize the email as a phishing scam, you simply delete it and move on – until the next one hits your inbox.
More Businesses Paying Ransom for Data
The more insidious phishing scam includes an attachment, which, if you should open it, will deploy encrypted malware that proceeds to lock down your data. It will then display a message informing you that your data can be retrieved in exchange for a ransom. Ransomware is the fastest growing phishing scam, accounting for more than half of all attacks because it is often successful. It is by far the easiest of all cyber attacks to monetize, providing a quick return on investment. Because the price point of the ransom is typically low, in the range of $500 to $1,000, the victims, which tend to be small to medium-sized businesses, pay quickly rather than expend the resources required to recover the data by other means.
Spear Phishing Harder to Detect
As evidence of the growing sophistication of cyber thieves, an increasing number of individuals and businesses are being targeted by spear phishing. Whereas traditional phishing targets a broad and random set of email accounts, spear phishing emails are designed to look as if they originate from someone you know and trust, such as a colleague or a superior. The subject line may include a reference to a particular project or relevant industry information. The attacker may have studied your Facebook, Twitter or LinkedIn accounts to gather the intelligence used to impersonate a person of trust. As with ordinary phisher mail, it will include an attachment or link that, when opened, will unleash a malicious virus such as ransomware or an undetectable spybot that can drill into the backdoor of your network and siphon off sensitive data.
You are the First Line of Defense
Phishing emails are especially effective because, once they land in an inbox, their viruses can elude a network’s firewall protection or security system. The attacks reported by businesses today are not coming from penny-ante fraudsters operating out of their basements; rather, they are devised and launched by major crime organizations, international in scope, with the resources to stay one step ahead of security systems. That means you and your employees will always be the first and last line of defense. It requires continuous vigilance by everyone operating a computer to prevent a phishing attack. Cyber thieves are getting smarter, but their phishing attacks can still be detected when you know what to look for:
False “From” address: You may receive an email from a business that looks legitimate, but a closer look might reveal a misspelling or an extra dash or underscore. Oftentimes the lowercase letter “L” is replaced with the number “1”.
Generic salutation: Emails that don’t include your name in the salutation are spam and should be deleted.
“Phishy” salutation: If you see any form of your name other than your proper first or last name in the salutation, delete the email. For example, if you see your email moniker (e.g., smjohnson) as the salutation, delete the email.
Urgent call-to-action: If the message includes an urgent call-to-action, such as “action required” or “your account will be closed,” give the email some extra scrutiny.
Request for sensitive information: Legitimate businesses never ask for sensitive information in an unsolicited email.
Fake links: Links can be made to look like the real thing. Look to see if the company name is spelled correctly and is in the right location in the link. Also, look for the https:// in the URL address. If it doesn’t include the “s”, it is probably a fake.
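The checks in the list above can also be applied mechanically when triaging a reported message. The sketch below is an added example, not part of the original article; the trusted-domain list, phrase list, function names and sample message are constructed assumptions. It treats a missing https:// as a signal, as the list does, and does not treat its presence as proof that a site is legitimate.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed values: domains this recipient really deals with, and trigger phrases.
KNOWN_DOMAINS = {"examplebank.com"}
URGENT = ("action required", "your account will be closed")

def normalize(domain):
    """Undo the tricks named in the list: '1' for 'l', extra dash or underscore."""
    return domain.lower().replace("1", "l").replace("-", "").replace("_", "")

def imitates(domain):
    """Return the known domain that `domain` resembles without matching, else None."""
    if domain.lower() in KNOWN_DOMAINS:
        return None
    return next((k for k in KNOWN_DOMAINS if normalize(k) == normalize(domain)), None)

def check_email(from_header, body, full_name, mailbox):
    """Return a list of indicator strings; an empty list means nothing was flagged."""
    findings = []
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if imitates(sender_domain):
        findings.append(f"from-lookalike:{sender_domain}")
    lines = body.strip().splitlines()
    # Words of the greeting line, with trailing punctuation stripped.
    words = {w.strip(".,:;!") for w in (lines[0].lower().split() if lines else [])}
    names = set(full_name.lower().split())
    if mailbox.lower() in words - names:
        findings.append("moniker-salutation")
    elif not words & names:
        findings.append("generic-salutation")
    if any(phrase in body.lower() for phrase in URGENT):
        findings.append("urgent-call-to-action")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parts = urlparse(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append(f"no-https:{host}")
        if imitates(host.removeprefix("www.")):
            findings.append(f"link-lookalike:{host}")
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = "Example Bank <alerts@examp1ebank.com>"
SAMPLE_BODY = """Dear smjohnson,
Action required: your account will be closed unless you confirm your details.
http://www.example-bank.com/login
"""
```

Calling `check_email(SAMPLE_FROM, SAMPLE_BODY, "Sam Johnson", "smjohnson")` returns one finding per indicator present in the sample.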
There is no better defense against security attacks than becoming thoroughly educated about the risk and arming yourself, your family and your employees with the knowledge to prevent them.
*This content is developed from sources believed to be providing accurate information. The information provided is not written or intended as tax or legal advice and may not be relied on for purposes of avoiding any Federal tax penalties. Individuals are encouraged to seek advice from their own tax or legal counsel. Individuals involved in the estate planning process should work with an estate planning team, including their own personal legal or tax counsel. Neither the information presented nor any opinion expressed constitutes a representation by us of a specific investment or the purchase or sale of any securities. Asset allocation and diversification do not ensure a profit or protect against loss in declining markets. This material was developed and produced by Advisor Websites to provide information on a topic that may be of interest. Copyright 2014-2016 Advisor Websites.