Phishing attacks have cost US companies somewhere between £508m and £1.43bn over the past two years, as clear a signal as any that email scams are to be taken seriously. While perhaps the most familiar phishing scam, ‘deceptive phishing’, is a simple case of hackers sending fake emails which appear to be from trustworthy companies asking for log-in or bank details, other types of fraud have evolved from this technique and require greater levels of vigilance.
‘CEO Fraud’, for example, occurs when a fraudster sends an email to a company’s accountant, apparently from a figure of authority, requesting a payment to be made. Of course, when it’s a case of phishing, the recipient is the fraudster themselves – leaving the accountant wishing they’d double-checked the request truly came from their boss (or that their employer would use two-step verification). This is how the French industrial firm ETNA Industrie was caught out: a fake request for an urgent business payment, apparently from the CEO, cost them £78k.
The danger continues at home, though: ‘pharming’ is a sub-category of phishing, and occurs when a website’s domain name is hijacked and linked to an imposter site – where you might easily volunteer your payment details without noticing anything’s wrong. If you have the slightest feeling a website might not be legitimate, look for the security certificate. Often, your browser will flag up a suspicious site – but either way, there should be a padlock icon or info button in the address bar that you can check for security information.
With other scams at large, it pays to stay informed. Check out this new infographic, which lists six of the most common phishing scams, describes some of the biggest email fraud stories to date – and offers some straight-forward advice on steps you can take to ensure you don’t become a victim.
[su_box title=”About Cloud Technology Solutions” style=”noise” box_color=”#336588″][short_info id=’68296′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.