Phishing attacks are extremely popular with cybercriminals. They can ship out millions of emails in a matter of minutes with malicious links, hoping to catch as many victims as possible.
Many of these scams are generic messages that any random Joe could fall for. However, this new attack is quickly spreading malware, and it's trickier than most. It's so clever that millions are being duped by it.
Scammers getting creative
Researchers at Barracuda Networks recently discovered a new phishing attack where the scammer impersonates someone you know. Criminals do this type of social engineering scam to gain your trust. You are more likely to click on malicious links within the message this way.
This latest attack involves invoice status updates. The victim receives an email purportedly from a friend or co-worker asking about the payment status of an invoice. The email appears to come from someone in the unsuspecting recipient's contacts and includes an invoice number in the subject line.
The message says, "I tried to reach you by phone today but I couldn't get through. Please get back to me promptly with the payment status."
Image: Example of phishing email. (Source: Barracuda Networks)
The message also contains a link that you're supposed to click on for invoice details.
Warning! Do NOT click on the link; it's a scam.
The link is malicious: clicking it either infects your gadget with credential-stealing malware or sends you to a spoofed site. There, you will be asked to enter sensitive banking information, essentially handing it over to the scammer.
Your best line of defense in these types of scams is the ability to recognize a phishing attack. Keep reading for some helpful suggestions.
Be cautious with links
Never follow web links in unsolicited email messages; they could be part of a phishing attack. Cybercriminals take advantage of popular websites and trending news stories to try to find new victims. That's why you need to be able to recognize a phishing scam.
One thing to watch for with phishing attacks is typos; criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos.
Set up two-factor authentication
Two-factor authentication means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available.
Use unique passwords
Many people use the same password for multiple websites. This is a bad idea. If your credentials are stolen from one site and you use the same username and/or password on others, it's easy for the cybercriminal to get into each account.
Do not disclose sensitive data
Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email, do not reply with personal information. You don't want it to fall into the hands of criminals.
If a company that you do business with on a regular basis emails you and asks for personal information, type the company's official web address into your browser and go there directly to be safe. If you're asked to call the company, use the phone number found on the back of your credit/debit card so you know it's official.
Have strong security software
Make sure you're using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware.
Protect your critical data
Cybercriminals are always on the attack. That's why you should always keep a backup of your data, so you can restore your device in case of an emergency. We recommend using an online backup service such as our sponsor IDrive.
With IDrive, you can back up all your PCs, Macs and mobile devices into ONE account for one low cost. Also, it has a great feature called Snapshots.
IDrive Snapshots is a historical view of user data stored in your IDrive account, which allows users to perform point-in-time recovery of their critical files. If your data gets infected with encryption-based ransomware, all you have to do is select a point in the timeline before the infection and restore it.