Top Phishing Scams to Watch Out for This Fall
Phishing emails remain one of the biggest threats to business networks because they are the main delivery method for multiple cybersecurity threats.
32% of data breaches involve phishing and 94% of all malware (ransomware, viruses, etc.) are delivered via phishing email.
While having managed IT services and a good cybersecurity strategy can mitigate your risks, it’s also important to keep your employees educated on the types of scams that may be coming into their email inbox in the midst of a busy day.
This year is especially busy for phishing scams and especially dangerous for Wabash, IN business networks. The coronavirus pandemic has led to a spike in phishing attacks related to the virus, which are now mixed in with other types of attacks, both seasonal and opportunist.
During the pandemic quarantine, phishing emails increased 350%.
We’ve put together a list of some of the top phishing scams that you and your employees need to be aware of so you can make it through the fall without falling victim.
Be On the Lookout for These Phishing Scams
Before we get into the list of scams, let’s review some basic phishing safety that employees should know.
- Hover over links without clicking them to reveal the true URL
- Don’t trust an email just because the “From” email address looks legitimate (these can be spoofed)
- Never visit a login form from a link in an email, go to the website directly
- Never open email attachments if you don’t know who sent it or weren’t expecting it
- View the email source code to see the actual email sender
- If you receive a strange email from a vendor (like a web hosting company) don’t click it, call them to confirm it’s really from their business
- Be aware that phishing scams use intimidation tactics, like fear, to get you to click before you think
This fall’s phishing threats are a combination of seasonal favorites, everyday threats, and new twists on the pandemic crisis. Here are the scams to watch out for.
Gift Card Phishing Scams
The holidays are just around the corner, which means the annual resurgence of gift card phishing scams. These take the form of a fake email purporting to be from a manger or supervisor with an urgent instruction to purchase gift cards from Amazon, iTunes, or somewhere else to use as company gifts.
Key elements of this scam are that the sender typically states they need the gift cards right away and the employee will be reimbursed when they “get back to the office.” It also often includes a note that “I’ll be in meetings and unavailable for calls” and asks that the gift card codes be emailed to them.
Election Related Scams
Another major phishing attack to watch out for are those related to the upcoming election or any type of voter information. These scams may promise “voter registration details” or other election related information and provide a link to a malicious website.
The FBI sent out an alert on October 2, 2020 about this type of scam, warning that that cybercriminals are using spoofed internet domains and email accounts and may pose as an official site. They warned to look for slight spelling errors like “electon” instead of “election” and that the site may have a .com instead of an official .gov domain.
Fake Microsoft File Sharing Email
A particularly dangerous phishing scam that can trick users into giving up their Microsoft 365 account login details looks like an innocent file sharing request.
The request is spoofed to look like a colleague is trying to share a Microsoft document and the link appears to be to a legitimate OneDrive or SharePoint file. But when the user clicks, they’re taken to a spoofed login page that hackers have designed to steal their username/password.
Coronavirus Company Policy Scam
One coronavirus phishing scam that takes advantage of the fact that many employees are working from home and may not be as connected to their co-workers as usual.
It purports to be from the HR department or a company working with the HR department on “COVID related strategies.” The email will contain a link to a download the “new company infectious disease policy” (or a similar sounding document).
Employees are intimidated into clicking the link because the email says it’s required that they read and acknowledge the document by a certain date and time.
Fake Order & Shipping Delivery Scams
Another scam category that heats up during the holiday season when everyone is shopping online are those that pretend to be order confirmations and shipping notifications.
The emails will spoof a notification from a well-known company like Amazon or UPS. They include fake links to sites that will do one of two things when visited:
- Automatically download malware on the user’s device; or
- Spoof a login form for a site like Amazon meant to steal the user’s account password
Is Your Business Properly Protected from Phishing Attacks?
Skyline Business Technology can help you reduce the amount of phishing and spam that ends up in user inboxes as well as help you put safeguards in place to block malicious sites.
Contact us today to schedule a consultation. Call 260-225-3133 or reach us online.