When the Russian Federation invaded its neighbor Ukraine in late February 2022, it didn't take long for fake donation requests in support of Ukraine to flood popular social media sites, email lists, and fraudulent webpages. These fake requests almost always ask for the donation in cryptocurrency (Bitcoin, Litecoin, Ethereum, etc.) and are designed to appear to come from legitimate sources (the Ukrainian government, the U.N., etc.). Phishing attempts such as these are countless and crafty, and they pose significant risks to every single person who uses a computer connected to the Internet.
What is a phishing scam?
A phishing scam, or phishing attack, is a method by which an attacker utilizes social engineering to trick someone into clicking a link or surrendering sensitive information with the intention of deploying malicious software or committing fraud. Phishing can be committed via text message (smishing), telephone/voicemail (vishing), digital calendars (calendar phishing), and, most commonly, email (email phishing).
Being able to spot phishing attempts, as well as other scams, is critically important in preventing not only financial loss, but data loss as well. Scammers utilize various phishing methods to obtain funds fraudulently and to break into a victim's computer network, which can have devastating and far-reaching consequences.
How to spot phishing attempts and other scams:
- Use caution with spelling/grammatical mistakes or out-of-place information. This is usually a dead giveaway that something is wrong, as oftentimes scammers will change a word slightly to make it appear legitimate. Watch out for email addresses such as email@example.com or links such as www.yourbank.contactt.com (the former doesn't come from Amazon at all, and the latter makes it appear that the site is yourbank.com when the actual site is contactt.com).
- A sense of urgency should always be a red flag. Scammers and hackers utilize a sense of urgency in their language to lure users into a trap. While there are many situations in our lives and around the world that truly do require urgency, it is very important to take a step back and examine the Who, What, When, Where, and Why anytime we are asked to give up our network credentials or financial information, especially if we are made to feel rushed.
- Official/verified sources are not always legitimate. Several years ago, numerous verified Twitter accounts of prominent public figures were hacked. Tweets were sent out from these verified, official accounts fraudulently asking for Bitcoin, and thousands of dollars were lost before the issue could be rectified. If something seems too good to be true, it probably is.
Steps to take to protect yourself and your network:
- Ensure your software is up-to-date. This includes not only your anti-virus software, but your browser and operating system software as well. When new threats are detected, fixes are pushed to your applications via updates. If you don't have automatic updates turned on or you've been putting off manual software updates, you may not be fully protected.
- Don't click links in text messages or emails unless you are absolutely sure who the sender is. Many phishing attempts rely on an end-user to perform some type of action (e.g., clicking a link) to initiate the attack. These links can be cleverly disguised to appear legitimate. Always hover your cursor over the link itself to view more information. There are also free tools available that will expand a shortened URL for further inspection.
- Take any warnings you are given by your browser or anti-virus software seriously. Companies such as Microsoft are quick to catch phishing sites and disseminate information about such sites to users of the Edge browser, but with the vast number of phishing attempts out there, this does not happen in real time.
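The lookalike-link warning and the hover check described above can be automated. The following is an added example, not code from Beringer: it reads a hostname from right to left to find the domain that really controls it. The function names are hypothetical, and the short suffix set is an assumption standing in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, which a real
# check should use to know where the registrable domain starts.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the domain that actually controls the host named in `url`."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare host such as www.x.com
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 3:
        return host
    # Keep three labels for suffixes like co.uk, otherwise the last two.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def link_warnings(href, expected_domain, shown_text=None):
    """List reasons a link does not lead where the reader expects."""
    warnings = []
    actual = registrable_domain(href)
    if actual != expected_domain.lower():
        warnings.append(f"destination is {actual}, not {expected_domain}")
    # If the visible text is itself a hostname, it should match the target.
    looks_like_host = shown_text and "." in shown_text and " " not in shown_text
    if looks_like_host and registrable_domain(shown_text) != actual:
        warnings.append(f"text shows {registrable_domain(shown_text)}, "
                        f"link goes to {actual}")
    return warnings


if __name__ == "__main__":
    # Constructed samples built from the hostname quoted in the article.
    samples = [
        ("http://www.yourbank.contactt.com/login", "www.yourbank.com"),
        ("https://www.yourbank.com/login", "Sign in"),
    ]
    for href, text in samples:
        print(href, "->", link_warnings(href, "yourbank.com", text) or "ok")
```

Hostnames only: IP-address links and internationalized names need separate handling.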
Though there are countless ways in which we can spot and protect against phishing attempts, one method works best above all else: trust your gut. If something seems "off," take a moment to pause and investigate further. That investigation could save you - and your company - countless, painstaking hours of recovering from a data loss or financial incident.
Here at Beringer Technology Group, we offer a wide range of solutions designed to keep your business operational, no matter what threats may come your way. From backup and disaster recovery to cloud-based CRM solutions such as Microsoft Dynamics, Beringer is at the forefront of helping organizations navigate the daily threat that cybercrime poses.
Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution, also provides expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing, Email Security Implementation and Training, Unified Communication Solutions, and Cybersecurity Risk Assessment.