Blog

Phishing

‘Tis the Season – The Season for Phishing Scams

The holidays are just around the corner and for scam artists, it is really the most wonderful time of the year. Already, the day after Halloween, my personal email inbox started filling up with alerts that I had won a $50 gift card from major retailers (physical and online), packages I didn’t order began arriving and needed to be redirected, and an assortment of other fanciful clickbait just begging to be clicked on.

Many of us believe we are smart enough not to be fooled into clicking on phishing emails but recent surveys found that those of us who know the dangers of phishing still can only properly identify 56% of phishing emails that we receive. And because we still get tricked nearly 50% of the time, phishing has turned into a lucrative business for scammers, generating billions in revenues and growing by over 40% in 2018. Believe it or not, the classic Nigerian prince scam still rakes in over $700,000 a year!

Scammers are gaining easy access to money, user credentials, and healthcare data through a variety of different phishing scams. And they are sending out an estimated 1 trillion emails a year which equates to 3.4 billion emails a day.

There is one simple step that everyone can take to defend themselves against phishing attempts:  Don’t click on links in email but instead go directly to the website (Amazon, FedEx, bank, etc) to see if the offer or information is legit.

Clicking on links directly from emails, even if they appear to be legit, carries a risk that is just not worth taking. I often see emails that appear to be from the bank with an odd misspelling (bankfoamerica.com or  welllsfargo.com– Did you catch the problem?). Scammers have also been getting better at using proper English and grammar to make their emails more difficult to detect although there are still plenty of scam emails that come with weird grammatical errors which are an instant red flag.

For business owners, implement a system of checks-and-balances for sending funds to vendors or distributing sensitive employee information. Encourage your employees to question unusual and urgent requests for wiring money, even it comes from the highest levels of the company because fraudsters are posing as the CEO, CFO, or HR Director to try to trick your employees. Japanese media giant Nikkei was just the victim of a $29 million business email compromise (BEC) scam where an employee transferred money after receiving an email of a scammer who posed as a company executive. Similarly, the City of Ocala, Florida transferred $742,000 to what they thought was a construction contractor for the city but instead the money went to scammers who had sent a fake invoice.

Scammers take advantage of the whatever season it may be for soliciting for information. During tax season, they pretend to be the CEO or HR Director looking for employee W-2’s. During the holiday shopping season, they send great sounding offers for gift cards and surprises from some of our favorite online stores to elicit information. So as the holiday shopping season is upon us, buyer beware… and buyer be wary. Scammers are out to get you and they are getting cleverer every day.