5 Professional Types of Phishing Scams to Watch Out For
Scammers have always been a despicable, creative bunch. They will try any lie that will trick someone into giving money, sharing private information, or clicking something malware-infected. Once, scams were simple. You know what to do if a person on the street asks to “hold” a dollar. We know how to shrug off a scammy telemarketer call, and we know how to ignore emails that hawk romantic prowess. In many cases, our phones and email filters help filter these scams for us because they’re so predictable.
But scammers are notorious for trying new tactics – anything that might work. Since the old classics are being caught by our spam filters and sense of self-preservation, new tactics are on the rise. Most of all, scammers are pairing hooks that you can’t ignore with digital methods of contact, which is what makes these phishing schemes.
You may have been warned about phishing and malicious links, but being careful about which messages you open is easier said than done. Today, we want to improve your preparedness for personal cybersecurity by highlighting 9 of today’s leading Phishing Scams.
1) Pretending to be Your Bank
No one likes to hear from their bank. When the bank calls or emails, it means something is wrong. Modern banking is mostly handled through web portals and mobile apps, so there’s very little need to talk about your accounts with a live person. These reasons combine to create the bank scam – a scheme hackers are sure you won’t be able to resist.
The first step is acquiring just enough of your account information to pretend they are your bank. This includes your name, the bank you’re with, and maybe the types of accounts you have. From there, the hacker acquires an email address or phone number with your bank’s name as its registered user name.
Then the hacker reaches out, under the guise of a bank employee, to tell you something is wrong. They may say your account is overdrawn or that there’s a deposit waiting for approval. They may say that your card was reported stolen or that you need to re-confirm some personal information.
These are all guises to get you to share more info than the hacker already knows – ideally your password. And if that hacker asks for your texted access code, do not give it. Never read an access code over the phone.
2) Posing as Technical Support
Managed IT is a great service, but it’s only useful if you’re talking to the real IT team. Just like pretending to be your bank, posing as IT lets hackers convince you that something is wrong. The thing about IT support is that they almost never call you – most technicians don’t fancy talking on the phone and won’t get chatty if there is an issue to address. Your company’s IT likely also has protocols and routines to go through – routines hackers won’t know or respect.
Do not trust a random call or email claiming to be from IT or any type of unexpected customer service, especially if they need to “confirm” a few things before the issue at hand can be settled. Remember, hackers may already have your stolen information and may need your confirmation to use it against you with confidence.
For both bank and technical service scams, the best answer is to log into your real account and check out the status. Call the real customer support number – then let them know about the scam being conducted in the company’s name.
3) Reporting a Fake Hack of Your Accounts
Speaking of customer support calls, one of the most common ironic scams is to report that you have already been hacked. Most people panic at this news and feel that the person telling them is an ally. Do not trust being told that you’ve been hacked. If the news didn’t come from a trusted source and a confirmed legitimate channel, this is very likely to be a hacker chortling their way to your passwords.
Never work with a customer service agent (who called you) to resolve a hack. Once again, reach out through the proper channels to the IT or account managers who are known to be responsible for your security. If the report is that your identity has been hacked, pursue the first steps of securing your identity as if this is true – without working with the hacker.
If someone calls or emails out of the blue saying “You’ve been hacked”, check out your accounts. But don’t trust the caller.
4) Posing as a Boss, Coworker, or Business Partner
Classic Phishing, Spear Phishing, and Whaling all relate to the people you work with. Hackers know that people are used to responding to work messages, clicking work links, and talking to coworkers that they don’t know well. Hackers are aware that you will respond quickly to a request from the boss and send along work documents to someone you believe to be a fellow employee of the same organization.
However, now you know that this trick is common and can protect yourself. Always check your communication channel – ensure that the coworker is in your contacts list (spoofed accounts won’t be, even if they look the same) – and always double-check any unusual request. Just call the person you *think* you are talking to through a familiar channel and confirm they (or their other real account) are the ones messaging.
If your double-confirm is greeted with confusion, let your coworker or boss know that their identity is being used for a scam.
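The contacts-list check from this section can also be run automatically over incoming mail. The following Python is an added example, not part of the original article; the contacts, addresses and the `check_sender` function are constructed for illustration, and the 0.85 similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed contacts list: address -> display name (all values are made up).
CONTACTS = {
    "dana.reyes@example.com": "Dana Reyes",
    "it-helpdesk@example.com": "IT Helpdesk",
}

def _norm(text):
    """Lower-case and collapse whitespace so cosmetic differences are ignored."""
    return " ".join(text.lower().split())

def check_sender(from_header, contacts=CONTACTS, threshold=0.85):
    """Classify a From header against the contacts list.

    Returns one of:
      "known"              address is exactly a saved contact
      "display-name-spoof" name matches a contact, address does not
      "lookalike-address"  address is nearly, but not exactly, a contact's
      "unknown"            no relation to any contact
    """
    name, addr = parseaddr(from_header)
    name, addr = _norm(name), addr.lower()
    if addr in contacts:
        return "known"
    # Same name as a saved contact but a different address: the account only
    # "looks the same" in the mail client.
    if name and name in {_norm(n) for n in contacts.values()}:
        return "display-name-spoof"
    # Address differs from a saved one by a character or two (assumed threshold).
    for known in contacts:
        if SequenceMatcher(None, addr, known).ratio() >= threshold:
            return "lookalike-address"
    return "unknown"

# Constructed sample headers.
SAMPLES = [
    "Dana Reyes <dana.reyes@example.com>",
    "Dana Reyes <dana.reyes.work@mailbox.example.net>",
    "Dana <dana.reyes@examp1e.com>",
    "Newsletter <news@vendor.example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):20} {header}")
```

Anything other than "known" on a message that claims to come from a coworker is the cue to confirm through a familiar channel before acting on the request.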
5) Fake Job Offers
Right now, a lot of people are on the lookout for a new job – millions more than usual. COVID has shaken up the economy and this has created an environment ripe for scamming. Most people job-hunting are looking for remote work, which is easier to fake, and most people will share their extremely personal information as part of a job application. Your social, your direct deposit number, and your home address are all in that category.
Be extremely careful when investigating job offers. Make sure the company exists and that they are really hiring. Hackers love to use a real company that is not actually hiring – or isn’t hiring through the channels you’ve seen. Sometimes they copy-paste a real job offer. Be especially cautious about outreach offers, where the job opportunity comes to you. Double-confirm the position, even if that means calling HR ahead of time, if you can’t confirm the recruiter’s identity and legitimacy with a little online digging.
Social Media “Outreach”
Last for the day is the rise in social media phishing. This is often the lightest surface-level phish and is sometimes used to gather information before a bigger hacking attempt. In social media, it’s easy for someone to say “Hey, this is my personal account” or claim to be a friend you haven’t spoken to in years. It can also be much harder to confirm that you’re talking to the real person if you don’t have a phone number or work email to contact in parallel.
If you can’t confirm that someone is legit, communicate cautiously. Don’t share your security information and be careful about sharing personal details like what’s going on with your family. Considering what we’ve talked about already, it’s understandable that hackers might even use casual social information to “legitimize” a future phish.
Are you at risk of being phished? The answer, for everyone, is “yes”. Hackers are no longer limiting their targets to big businesses or wealthy individuals. Anyone with information, money, or even time to be stolen might become a target. Know your phishing scams and know how to avoid getting phished. Contact us today for more cybersecurity insights and solutions.