Phishing scams involve gaining a user’s trust by imitating a known company or service. A scam can target you with a phony email from your streaming service provider, for example. They’ll ask for your login credentials or payment for a bill that doesn’t exist.
Spotting these malicious email messages is getting harder. A recent scam involved fake UPS emails with embedded links that appeared legitimate. Click the link, and it’ll take you to a page that again seems real. Then malicious files are downloaded.
Scammers can go beyond your personal trust and get into your professional life. They’ll hit you with messages that appeal to your sense of duty to your job. These types of scams are known as business email compromises (BEC).
Here’s the backstory
Cybersecurity researchers at Intel 471 revealed some frightening figures. BEC scams accounted for $1.8 billion in losses last year and represented 43% of all cybercrime losses.
Poor grammar, spelling and punctuation are dead giveaways for scams. Unfortunately, bad actors are finding ways around this. Intel 471 reports that cybercriminals are recruiting native English speakers to craft more legible and correct messages for email scams.
This is especially important when targeting employees, who will be more vigilant upon receiving an email that’s supposedly from their company or a vendor their company works with.
Intel 471 found a case where a scammer took to a Russian cybercrime forum to search for English speakers to aid him in his BEC attacks. He had access to Microsoft Office 365 domains and wanted to get to work.
One threat actor posted help-wanted ads for people to work on the social engineering aspect of his scheme while he would handle the technical stuff.
Another Russian language scammer posted on a cybercrime forum that he sought to launder sums up to $250,000 using a cryptocurrency scam. These are dangerous emails that you don’t want to find in your inbox.
Protection against BEC scams involves training employees on what to look out for. An email authentication protocol may also be put in place by your company to detect fraudulent emails before they reach employees. Here are some tips to avoid falling victim:
- Be suspicious of any links you receive. When in doubt, don’t click.
- Don’t open attachments you receive in unsolicited emails.
- If the message gives you a sense of urgency, delete it.
- Keep your operating systems, apps and devices updated with the latest official software and patches.
- Hover over a link to see if the URL is legitimate. Be careful, as scammers can even navigate around this precaution.
- Always have a trusted antivirus program updated and running on all your devices.