Hook, Line, and Sinker: Avoiding the Bait in Today's Phishing Scams

Last week, I shared a cautionary tale about someone who noticed an unusual charge on her debit card, followed promptly by a phone call from someone claiming to be from her bank. They informed her of suspected fraudulent activities on her card and convincingly asked for her PIN and other security details to "stop" the fraud. It all seemed legitimate, and she provided her PIN, relieved to have the problem resolved. Unfortunately, this led to her losing hundreds of thousands of dollars—a story that has become all too common, as evidenced by reports in papers nationwide. This underscores a harsh reality: scams are on the rise, and we, as businesses and individuals, must remain vigilant.

In the fast-paced world of business, where every second counts, the safety of our digital communications can sometimes take a back seat. However, recent global trends in phishing campaigns should be a wake-up call. An increasing number of employees are being caught opening suspicious emails, clicking on the links in them, and failing to report them. While we collectively understand the pressures of a busy schedule, it is crucial to remember that it only takes one compromised account to endanger the entire organization.

Training is only one line of defense. We must all take the time to protect ourselves and the enterprises we work for.

Simple Steps to Safeguard Your Information

It’s easy to fall into complacency and assume we're immune to online scams, but the reality is different. Scammers continuously refine their strategies to catch even the most cautious among us off-guard. Here’s a quick refresher on basic digital hygiene:

  • Avoid clicking on unfamiliar links in your emails.

  • Be skeptical of unsolicited phone calls from unknown numbers.

  • Think twice before sharing personal information online, even if the request appears legitimate.

Common Themes in Business Email Compromise (BEC) Attacks

Our research indicates that most BEC attacks try to lure victims using familiar business contexts. Here are some common themes to watch out for:

  1. Payroll Diversion: Requests to change bank account or payroll details.

  2. Request for Contact: Seeks personal contact details like mobile numbers or personal email addresses.

  3. Urgent Tasks or Favors: Asks for help with supposedly urgent tasks.

  4. Availability Checks: Sends brief queries about your presence in the office.

  5. Invoice Transactions: Notifies you of overdue invoices.

  6. Gift Purchases: Proposes buying gifts for employees, often asking for gift cards.

  7. Wire Transfers: Directs preparations for large money transfers.

  8. Document Requests: Asks for sensitive documents like W-2 forms or vendor lists.

  9. HR Communications: May claim to update office policies or personal records.

By familiarizing ourselves with these tactics, we can better protect our personal information and the integrity of our business operations. Let's all commit to being more vigilant and proactive in our approach to cybersecurity.
