This is a guest post for Skills You Need.
Top 5 Phishing Scams to Watch for This Year
Fishing is supposed to be relaxing but phishing is a recipe for stress.
While the sophistication of the average internet user has increased in recent years, phishing remains a threat thanks to cyber attackers who launch ever more sophisticated scams.
There are a variety of different phishing schemes making the internet rounds, which makes it difficult to become an expert on avoiding them all. Unfortunately, some of the most brazen and successful phishing scams from recent years can be expected to continue their dominance this year.
How big is the problem? Ransomware attacks hit a business every 14 seconds and the associated damages are expected to climb to $11.5 billion this year.
With awareness, however, it's possible to protect yourself, your colleagues and your company.
What Is Phishing?
For those who have heard the term but aren't clear on what it means, "phishing" is an effort by a nefarious party to elicit sensitive personal information from individuals or businesses.
In other words, one party tries to trick another into revealing login, password and/or account information over the Internet or by email in order to steal funds or sell the victim’s personal information on the Dark Web.
Top Five Phishing Scams
Phishing remains a popular attack for criminals because it's effective. Moreover, it's much easier to lure an unsuspecting person into clicking a link or divulging sensitive information than it is to complete a hack.
This is why there's such a variety of phishing scams to be found.
Here are the five phishing scams that are most likely to make headlines.
1. Ransomware
In a ransomware attack, your computer files are held hostage until you agree to pay a sum of money to regain access.
Of course, there's no guarantee that you'll ever be able to get back into your computer.
Ransomware is frequently spread via a phishing scheme that involves emails with attachments that are opened by the victim. Opening the attachment is enough to infect the system with malware. Suddenly, the victim can't access the data on their computer because all of the files have become encrypted. This encryption can only be broken using a key that the cybercriminal holds.
The victim receives a message telling them to transfer a certain amount of Bitcoin to the attacker in return for the key. It's incredibly easy to get duped into this scam, even for otherwise savvy people.
2. Cryptojacking
People who mine for cryptocurrency quickly discover that it's a time-consuming and expensive endeavor. Looking for shortcuts is only natural. Unfortunately, some of those shortcuts, like cryptojacking, leave other people vulnerable.
Someone who wants to mine cryptocurrency needs a great deal of costly computer equipment, and electricity bills can skyrocket. But if a cybercriminal can trick an unsuspecting person into doing some crypto mining for them, then they reap the benefits of more cryptocurrency without having to buy another server or deal with the increased cost of electricity.
Cyber attackers may send a phishing email to unsuspecting recipients. These emails install the code to execute crypto-mining on the recipient's computer. Clicking on a link or opening an attachment may infect the device. The mining script operates in the background without the victim being any the wiser.
People who notice that their device has become unusually sluggish, overheats easily or shows high processor usage for no apparent reason may be unwitting victims of this scheme.
3. Business Email Compromise
This has been one of the most prevalent phishing scams in recent years, and it shows no signs of slowing down. The FBI notes that these schemes are sophisticated, often stretching across multiple national borders.
In this scam, a victim receives an email from a well-known business. This may be an organization with which the victim regularly deals. It could be a retailer like Amazon or a social media platform like Facebook. These scams also have been operated with emails that appear to come from a victim's bank or brokerage house.
The fraudulent emails are deceptively similar to those that could be sent by a reputable business. The logo looks almost perfect, and the tone is typically urgent. The message is that there's something wrong with the recipient's account. The customer needs to log in to the website in order to deal with the problem. Within the email are convenient links for the customer to use for this purpose.
Clicking the link may either download malware to the device or take the victim to a web page where they are encouraged to enter their username and password which, of course, will be captured by the cybercriminal. With this critical data in hand, the attacker is free to steal money, rack up purchases, apply for credit cards or head to the Dark Web to see how much it’s worth on the open market.
If you ever receive such an email, don't click on the links. Go directly to the actual website to check the veracity of the claim. If you run a website, ensure that you're using a recommended web host which offers stout security measures and malware protection. Don’t be afraid to ask about their server protection either. You can have all the security in the world on your local computer but guess where your files are stored? On their server.
4. Cloud File Sharing
The cloud is incredibly convenient for personal and business reasons, but it's not always secure.
An unsuspecting user clicks on a link that's supposed to be from their cloud provider. Unfortunately, they may have just given their login information to a criminal or downloaded malware onto their device.
5. Tax Fraud
If you receive an email that claims to be from the IRS, or other similar statutory authority, be suspicious.
The IRS simply does not send emails to tell people that they owe taxes. With the problem becoming increasingly prevalent, the IRS actually has a web page that helps people understand when they might be the target of an IRS phishing scam.
The Bottom Line
The more aware you are of the popular phishing scams that are out there, the more likely you’ll be able to avoid them. Here’s a good rule of thumb. Be suspicious of all emails from unknown senders and avoid clicking on links within these messages. When in doubt, seek verification from the purported sender. Chances are good that you may have just protected yourself from a scam.
About the Author
Gary Stevens is a full-time front-end developer and part-time blockchain geek.