Phishing attacks Get More Sophisticated

Posted by Richard on July 17, 2019

Click a link. Download a file. And that’s where the trouble begins.
Phishing attacks by email or social media attempt to lure you into revealing a password, or download malicious software. And these attacks are getting ever-more sophisticated.
“Scammers have diversified far beyond poorly spelled, purely text-based phishing email these days, Harley says, building entire fake websites and Facebook pages as lures for campaigns. But even the humble phish email has evolved,” according to David Harley of WeLiveSecurity.com.
Some classic ways to detect phishing emails are getting more difficult as scammers get more sophisticated.
– Misspelled words. Sometimes done intentionally to get past filters.
– Links to scam sites. Links can seem real. If they contain bitly or tinyurl they should be treated as suspicious.
– DropBox and Google Drive documents holding malicious code.
– Attachments can appear to be materials you are genuinely expecting from people who should be sending the materials.
Some good rules:
– Hover over the links to see if the domain is genuine.
– Attachments should set off alarm bells. Search for the company and compare domains. Mayflowernursing.com is not the same as Mayflowernursinghome.com.
Names can be spoofed. A sophisticated phishing email might use a name that exists in your database — or the name of someone you know.
If the name seems correct, compare other information in an email to data on the company Website. An incorrect phone number is a tipoff.
If you think you are good at catching phishing attempts, test your skills at:
phishingquiz.withgoogle.com
Hyper-realistic phishing and ransomware schemes
A spate of hyper-realistic phishing and ransomware schemes masquerade as customers.
Typically, targets get an email from a customer in their database. The email is a reply to a genuine marketing email they sent out. The customer’s name is real. The email appears to be an order but it has an encrypted attachment.
DO NOT open the attachment.
Companies do not communicate with attachments to emails. Or, if they do, the recipient expects the attachment.
Before opening any unexpected attachment, call the customer. Make sure you use a phone number from the company’s website, not one included in the email.