Cybercrime continues to be a major threat to your organization’s security, and there’s no way to really escape it. Hackers are so prevalent on the Internet that you could actually be dealing with attacks from all sides. Phishing in particular has seen a dramatic rise over recent years, and you need to be wary of email scams designed to steal sensitive credentials.
In fact, according to the Webroot Quarterly Threat Trend Reports, at least 1.4 million phishing websites are set up every month. These reports estimate that this past May, there was an all-time high for phishing website increase, topping off at over 2.3 million websites being set up during that month. Phishing has become the single most prominent method of fraud in the modern business world, and is responsible for most data breaches worldwide.
2017 saw an uncanny number of phishing attacks. Here are three of them that you may have missed.
Amazon Shipping Phishing Scam
Earlier this year, a phishing scam made it appear that Amazon was sending emails about canceled orders or updates to user accounts. They appeared to be legitimate, but users were receiving these messages even if they hadn’t recently canceled an order. If users clicked on links located in the email, they would be directed to a domain that was either close to Amazon, or an entirely different domain. These emails convince users to hand over important credentials, like login information or financial details (credit card number, expiration date, etc.). If you receive an email claiming to be from Amazon, but you never made an order, be wary of it.
Google Docs Hack
Google Docs works by sending you an email containing a link to the document being shared with you. While it’s a best practice to never click on a link in an unsolicited email, you might think that a message from a company as big as Google could be trustworthy. Unfortunately, this isn’t always the case. This phishing scam works by convincing users to grant permissions to a third-party app rather than actually stealing your credentials. It’s part of a growing trend where phishing attacks are growing more sophisticated, which should raise some concerns for business owners.
IRS W-2 Tax Season Phishing Scams
Your organization has sensitive documents on-file that contain employee financial information, among other important personal data. Tax season is the opportune time for hackers to try and steal this information via phony tax return messages, as users are going to be on the lookout for information on how and when they can process their tax returns. Businesses in particular should be wary of recent phishing attacks asking for specific W-2s or personal information about users.
Is your business prepared to stand against phishing attacks? If you have any questions or concerns, reach out to Integrated Technology Systems at 212-750-5420.