Tag Archive for: email scams

Decryptors
,

You’re Not Imagining It: Phishing Attacks Are Rampant

Does it feel like your inbox is constantly bombarded by phishing scams? You’re not imagining it; phishing emails saw a dramatic uptick in the first half of 2024, a trend expected to be matched in the second half of the year.

Phishing Emails Are Laying Siege to Your Inbox

A report from security research firm Egress found a massive 28 percent increase in phishing emails between April 1st and June 30th, 2024, compared to January 1st and March 31st, with millennials being the most targeted demographic.

The constant rise in phishing emails is likely not a surprise to you, even considering seasonal phishing trends that attempt to use specific events to trick us. But what might be more of a surprise is that in some phishing campaigns, a malicious attachment is no longer the preferred method of catching you out.

Egress found that the number of phishing emails using a malicious attachment dropped by around 30 percent from 2021 to 2024 while phishing hyperlinks grew to become the most popular phishing method. The research puts this change down to a few key changes in security practices, but in short, most folks know about malicious attachments, and organizations have gone to great lengths to block them. Whereas it’s easier to mask a malicious hyperlink and slip through malware and phishing detection tools.

Impersonation Phishing Scams Are Also Rampant

My inbox receives its fair share of faceless, nameless phishing attempts, but there are also slightly better-quality impersonation phishing attempts. Egress calls these impersonation phishing attacks “commodity” attacks, but it’s just a new name for the same threat: “mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale.”

Between January 1st and August 31st, 2024, over a quarter of phishing emails impersonated brands, with a further 16 percent attempting to impersonate the recipient’s company (as part of spear phishing campaigns). As you might expect, the most impersonated brands are the biggest in the world, with Adobe, Microsoft, DHL, and others topping the lists.

But scammers are taking impersonation phishing to the next level, too. Instead of firing out millions of emails and hoping for a hit, some use multi-channel attacks to create a stronger illusion. In one example, Egress found scammers sending a phishing email impersonating Evri (a UK courier service), then following up the email with a malicious SMS (known as a smishing attack). The combination of messaging from a single source using related terms, tracking numbers, and so on is much harder to ignore than a random phishing email or SMS.

How to Spot Phishing Emails and Keep Your Inbox Safe

Egress’ findings are backed up separate research from Abnormal Security, who’s H2 2024 Email Threat Report saw a bonkers 350 percent increase in phishing attacks from 2023 to 2024.

And with the majority of these phishing scams attempting to exploit legitimate domains and email services and impersonate global businesses, it’s important to take a moment to familiarize yourself with how to spot a phishing email.

  • Unofficial Email Addresses That Look Legitimate: Phishers often use email addresses that closely resemble those of reputable organizations. For example, they might use “support@yourbank-secure.com” instead of the official “support@yourbank.com.” Always verify the sender’s address carefully.
  • Generic Greetings and Lack of Personalization: Legitimate companies usually address you by name. Phishing emails often use generic salutations like “Dear Customer,” indicating they don’t have your personal details.
  • Urgent or Threatening Language: Scammers create a sense of urgency to prompt immediate action, such as claiming your account will be suspended unless you verify the information. Be cautious of emails pressuring you to act quickly.
  • Suspicious Links or Attachments: Phishing emails may contain links that appear legitimate but direct you to fraudulent websites. Hover over links to see the actual URL before clicking, and avoid downloading unexpected attachments.
  • Poor Grammar and Spelling Errors: Many phishing emails contain noticeable grammatical mistakes or awkward phrasing, which can be a red flag. Professional organizations typically proofread their communications.
  • Unsolicited Attachments: Be wary of unexpected email attachments, especially if they prompt you to enable macros or contain executable files, as they may install malware on your device.
  • Mismatched URLs: Ensure that the URL in the email matches the legitimate website’s address. Phishers often use URLs with slight misspellings or additional words to deceive users.

With these tips, you’ll spot heaps more phishing emails and boost your security.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from MakeUseOf.com SOURCE

/by

FBI Warns of Escalating Elderly Fraud – Here’s What You Need To Know

In America, more than 93,000 people fall victim to financial fraud annually. Whether you are a victim of identity theft, check fraud, email scams, ATM bank card theft, or another form of financial bilking, the results are devastating.

For older adults, the devastation is swift and nearly permanent. Unfortunately, as technology advances, the FBI (Federal Bureau of Investigation) warns that crooks and scammers are becoming more and more sophisticated in the variations of scams they use to con elderly persons out of massive sums of money. 

Serious Sums

To put into perspective just how severe online and over-the-phone scams are for the elderly, an estimated $28.3 billion is lost annually to these criminals. A retired Navy veteran, Rich Brune, expressed his horrible situation after encountering a Cryptocurrency scam last year. “I will probably be forced to take out a reverse mortgage. I will be virtually penniless as soon as I pay off the IRS.” 

Brune, who is 75 years old, was contacted online by a person posing as a Microsoft employee and told that someone had hacked his computer and his financial accounts were at risk. The thief then instructed him to deposit his money, over five months, into a cryptocurrency account that supposedly was “safe from purported hackers.” 

During those five months, the person stole a nest egg worth a reported $800,000, and another $200,000 is now owed to the Internal Revenue Service because most of the money came from Brune’s retirement accounts. 

Words of Warning

For their part, Microsoft says that every online interaction, whether through their websites or email, must be initiated by the customer. A spokesperson for the tech giant said, “Microsoft will never proactively send unsolicited messages or make unsolicited phone calls to request personal or financial information or to provide technical support to fix your computer. The customer must initiate any communication. Any error message your device initiates will never have a number to call.”

Supervisory Special Agent Keithly of the FBI said the bureau is seeing a massive spike in what they call ‘Phantom Hacker Scams. They relayed this about these particular financial thefts. “It starts with the tech support scam, and the tech support scammer informs the victim that their accounts are at risk of being hacked. And the next player in the scam is somebody purporting to be from a financial institution. And then they tell the victim, ‘Your [financial] accounts have been hacked.”

These interactions impart fear to elderly victims, and the criminals prey on that fear to motivate their victims to move their money. Before you know it, the victims are often broke, and generally, there’s minimal help your financial institutions or the IRS can offer at that point. 

Helpful Information

For seniors, keeping financial records safe and money where it belongs is essential to ensuring their futures are well in order. To that end, the FBI, AARP, and Microsoft all have valuable information for anyone dealing with online interactions. 

  • Microsoft will never initiate contact on behalf of their company or your accounts.
  • The FBI warns that the US government will never ask individuals to transfer money to any government-run agency or cryptocurrency exchange. People should report any attempt to gain that information or activity to their local law enforcement agency. 
  • The AARP advises that you report any contact requesting your Social Security or Medicare/Medicaid information to law enforcement, as these are always scams.

Unfortunately, despite efforts to stem the effects of fraud on the elderly, in 2022, reported cases of crime were up 84% over 2021. Investigators continue to urge individuals to avoid unsolicited pop-ups and messages (both text and email) and to decline to download unknown software or requests for remote access to personal computers. 

Published with consideration from Microsoft SOURCE

/by