Online fraud is at all time high.
It’s in everyone’s best interest to have a basic understanding of the types of common phishing scams online fraudsters use. Help avoid a cyber crime attack by recognizing the signs. Here are eight types of phishing scams you need to be aware of:
1) Deceptive Phishing
Deceptive Phishing is the most common type of scam. Fraudsters impersonate a legitimate company and try to steal people’s personal information or login credentials. Often, they include a sense of urgency or a threat to scare users. For example, a PayPal scammer would send an email that instructs you to click on a link in order to correct a discrepancy with your account. The false link would lead to a fake PayPal login page that would collect your credentials for the attackers.
2) Malware-Based Phishing
Malware is software written to harm and infect a users’ PC. This includes viruses, spyware, adware, trojan horses and worms. Ransomware, an advanced form of malware, is used to execute financial fraud and extort money from computer users. Your screen may show a pop up warning that your have been locked out of your computer and that you can have access only after paying the cyber criminal. One particularly infamous type of ransomware is Cryptolocker, a trojan that targets computers running Microsoft Windows.
3) Session Hijacking
Session Hijackers monitor your activities online until you sign in to a target account or purchase something online. Then, they can use your credentials to undertake unauthorized actions, such as transferring funds, without your knowledge. This is why we include SSL certificates with our fixed-fee, managed IT services plan ServiceWorks, as encryption helps prevent any hijacking attempts.
Pharming is when a hacker modifies a company’s website host files and covertly hijacks your computer and directs to a fake site. There’s a good chance you won’t realize that the website isn’t legitimate. In most cases, a faux-site where you enter confidential information looks identical to your bank, or online shopping sites like eBay or Amazon. The faux-site is controlled by hackers who gain access to your credit card numbers, account password, etc.
This is why we always ensure our ServiceWorks clients use an up to date anti-virus program which protects them from unauthorized alterations of the Host file. It’s also important to always download the latest security updates, or patches, for your Web browser and operating system to stay protected. Just to be sure, always check the ‘HTTP’ address. When you visit a site where you’re asked to enter personal information, the ‘HTTP’ should change to ‘HTTPS’. The “S” stands for secure.
This particular variety of spyware tracks keyboard input and then sends relevant information to your cyber stalker via the Internet. Keyloggers can be installed on your computer by a virus, worm or Trojan. Fraudsters capture your account numbers and passwords as you type, which gives them enough information to empty your bank accounts and set up credit cards in your name. Thankfully, good anti-spyware will protect your computer against known viruses, worms, and Trojans of all types. Resist the temptation to download “freeware”, such as free screensavers. Keyloggers can easily attach themselves to free software offered over the Internet, so only download from reputable sources.
6) Business Data Theft
Cybercriminals don’t care about the size of your organization, it’s the type of data that matters. In fact, SMB’s are much more likely to not be well protected, which makes the job easier. Too many small companies mistakenly think they can fly under the radar because they are not that lucrative and have hardly any assets.
Did you know that 62% of SMB’s have been victims of a cyber breach? Scammers steal confidential customer details, intellectual property, legal opinions, employee related records, credit card information and more. Small businesses shell out an average of $38,000 USD to recover from a single data breach. Avoid losing current and potential clients by investing in regular system checks to ensure your organization’s data safety. Our ServiceWorks clients are secure in knowing that they are protected with Security Audits, Remote Monitoring, Data Backup and Business Continuity.
7) Content Spoofing
Content Injection Phishing or “spoofing” is where the scammer changes a part of the content of the page of a reliable site. Users can be mislead to go to a page outside of the legitimate website where they will be asked to enter personal information. A quality IT provider can ensure that your website is not vulnerable to a hacker’s malicious code.
8) Search Engine Phishing
Search Engine Phishing occurs when cyber scammers create websites with irresistible offers and have them indexed legitimately with search engines. People find the sites while they’re looking for products or services online, and are fooled into giving up their information. Remember, if it seems too good to be true, it is.
Anyone connected to the internet can be hacked. That’s why it is incredibly important to protect yourself and your business as much as possible. Be aware of current common phishing scams, keep your operating system and software updated, and always use exceptional security software.