Phishing attacks are a serious threat to businesses, 75% of organisations from all over the globe experienced such an attack in 2020. Current e-mail scams take many forms, and it isn’t just high-profile attacks that employees and employers need to be aware of. E-mail scams connected to phishing, such as spearfishing emails, are increasingly a threat to companies data and operations but other attacks include spam, malware, data exfiltration, and impersonation. Connected Platforms provides IT support Brisbane wide and we’ve assembled this blog to help increase your awareness and understanding of current e-mail scams so that you can prevent them from happening.
Phishing
The most common of all e-mail scams, phishing attacks lure users into believing a message comes from a trusted source and entices them to reveal sensitive information, wire money, or log in to an account for the attacker. Phishing attacks come in a variety of forms and include spearfishing emails, e-mail spoofing and business email compromise schemes.
Spearfishing
A spearphishing email is an attempt to steal sensitive information from you or a company and includes business email compromise (BEC) scams such as CEO fraud or false invoice scams.
E-mail spoofing
These current e-mail scams revolve around impersonating trusted sources and mimic organisations victims trust. Major attacks have seen scammers pretend to be PayPal, Amazon, and FedEx which makes it easy to trick staff into opening the compromised email.
Business email compromise schemes (BEC)
These types of e-mail scams are a variant of the spearfishing email and are widely used, so much so, that 65% of organisations reported facing this type of threat in 2020. The three most common and current e-mail scams in this category include:
- CEO Fraud– Where attackers pose as a CEO and trick employees into revealing information.
- Account Compromise– When criminals take over an account and begin requesting invoice payments.
- False Invoice Scams– Based around social engineering and e-mail spoofing this type of fraud is aimed at an organisation’s financial department.
Spam
Unsolicited and high-volume, this type of threat is sent en mass and commonly referred to as junk email. Spam can perpetuate scams and fraud while often looking like it has been sent by a popular commercial brand. It baits victims into revealing credit card information or other sensitive personal details.
Malware
Software designed to damage technical resources, interrupt operations, extract data or access sites remotely. Often distributed by an email attachment or a URL linked to harmful content. Malware comes in many forms such as viruses, worms and ransomware.
Data exfiltration
These attacks happen, accidentally or intentionally, when data is taken or copied from a device without the owner’s approval. This can be achieved by using physical access to a computer and by using harmful programs on a network or the internet. Also, known as data theft or data leakage, it commonly results from human error.
Impersonation
A broad style of attack that encompasses scammers pretending to be a person, organisation, or service and is frequently connected with phishing.
- Domain impersonation– Subtly and tricky, this style of attack occurs when hackers impersonate a domain. For example, if an attacker were pretending to be thankyou.com they may use thankyu.com as the URL.
- Brand impersonation– Crafted to act as a company or brand, this type of attack tricks the victim into disclosing personal information. Attackers can attempt to imitate a service offered by companies or pretend to be an employee of the organisation.
Searching for more security?
Connected Platforms offers small business IT support Brisbane wide and are happy to help protect and secure your information. Please connect with us on 07 3063 6932 or request a FREE IT Health Check. Our managed IT services Brisbane team will work with you to provide efficient and effective IT solutions.
