Cybersecurity Risks: Safety Measures Against Phishing Attacks | September 10, 2020
Phishing attacks are specifically designed to bait us and then snag us. It’s easy to get caught.
Cybercriminals who prepare these strategic attacks will sink to inhumane levels in order to create trust and trickery.
The most common phishing attacks are emails, messages or meeting requests that evoke panic or a sense of urgency and cause us to click on a link or download a corrupted file. From here, it’s as if a private safe containing confidential information and monetary treasures has been unlocked and looted.
How Bad Have Phishing Attacks Become?
Even as of a year ago, phishing attacks accounted for more than 80% of reported security incidents.
Now, the numbers have continued to grow exponentially as the stress of both an unforeseeable future and the isolation of a remote workforce continues: “…there were over 60,000 phishing sites reported in March of 2020 alone.”
Cybersecurity experts are remaining ultra-vigilant and planning advanced protection against future attacks. They are also preparing for phishing attacks to become even more deceptive in masking that they are illicit attempts to gain access to and penetrate our systems and sensitive information.
Examples of Recent Phishing Scams:
The problem with phishing scams in general is that they already appear perfectly legitimate. Now throw in the concerns and distractions of this unprecedented time and absolutely anyone, regardless of position, can fall prey.
Successful phishing scams can include:
- Notifications that something is wrong with your “account” and you need to click a link to reset your password or login information.
The website you are sent to looks 100% legit and before you know it, you have given them your username, old password, and your new password (which you may use in other accounts).
These attacks can appear as if they come from your bank account, your credit card account, Amazon or other online shopping sites, even your Netflix or other subscription-based accounts.
The key is any TRUE site sending you an alert about your account will NOT SEND A LINK – they will direct you to go to the website via your browser. From here you can validate the source and proceed as directed.
- Emails, messages, meeting requests that appear to come from someone you know.
One of the first things cybercriminals grab is your contact list. Why? Because they then know the people, their businesses, titles, and emails. In what is known as “spear phishing,” this information lets cybercriminals send emails and notifications that appear to come from people in charge, such as CEOs, CFOs, Accounting and so forth, with a link or file for download.
Employees, particularly those working remotely, must stay in frequent communication with their coworkers, colleagues and supervisors to double-check the legitimacy of communications, particularly anything that would cause stress, panic, or urgency.
- “Hackers are sending around fake job termination meeting alerts through Zoom…[specifically,]…Hackers are using these false domains to fabricate Zoom meeting notifications and create fake COVID-19 themed email alerts. Individuals who respond to these alerts usually end up downloading malware or otherwise compromising their data security.” (Security Magazine)
False domains are URLs that are slightly misspelled or that use a different extension from the legitimate site. When you hover over the link to see if it is safe, the resemblance can lead you to think the domain is genuine. Additionally, cybercriminals can create fake emails from this false domain containing the name of someone you know.
Remain hypervigilant. If you receive an email or meeting notification that makes you panic, asks you to give out your security information, or contains links or ANYTHING related to COVID-19, such as problems with mask orders, links from the government or even requests from charities, reach out to reliable people to validate the message, email or meeting request.
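As an added illustration of the false-domain check described above (not code from Concensus or the original post), this Python sketch compares a link's domain against a short allowlist and flags near-misspellings and swapped extensions. The allowlist, the sample links and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: a constructed allowlist of domains the organisation really uses.
TRUSTED = {"zoom.us", "amazon.com", "netflix.com"}

# Constructed sample links, as they might appear in a received email.
SAMPLE_LINKS = [
    "https://us02web.zoom.us/j/123456",    # genuine subdomain of zoom.us
    "https://zooom.us/meeting/hr-review",  # one extra letter
    "https://zoom.com/join",               # right name, different extension
    "https://example.org/newsletter",      # unrelated
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive 'last two labels' domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url, trusted=TRUSTED, max_dist=2):
    """Return (verdict, trusted_domain_it_resembles_or_None) for one link."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in trusted:
        return ("trusted", domain)
    name, _, tld = domain.partition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.partition(".")
        if name == good_name and tld != good_tld:
            return ("lookalike-extension", good)
        # Small max_dist keeps false positives down; very short domains still need review.
        if 0 < edit_distance(domain, good) <= max_dist:
            return ("lookalike-misspelling", good)
    return ("unknown", None)

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", classify(link))
```

A mail gateway or reporting tool can run a check like this on every link in a message and hold anything classified as a lookalike for review.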
What Can You Do to Protect Your Business?
Contract with a Concensus – Managed IT Services provider. We are dedicated to your protection and monitor your servers and systems 24/7/365.
We can remove phishing scams before they tempt your employees, stay up-to-date with all patches, and implement multiple levels of protection from the plague of voluminous cyberattacks. We’ll also protect both on-premise and remote workers.
At Concensus, our team of cybersecurity experts is here to help your business stay safe.