Top 5 Types of Email Scams Employees Keep Falling For
How many different kinds of shoes do you own? Think about it. Dress shoes, sneakers, boots, flip-flops, etc., there are so many types of shoes for different occasions.
Similarly, there are many types of email scams that hackers run to steal your information.
And while a scam is a scam, much like a shoe is a shoe, the difference is in the approach. We have reached a critical point in scamming where the wheel is turning at a much faster and more focused rate.
Educating your employees on the kinds of scams and their purpose(s) can go a long way in a strong united defense for your company.
Considering the fact that companies can be down for hours or sometimes DAYS following one wrong click, the stakes are much too high to ignore scamming styles any longer.
5 Most Common Email Scam Styles
The umbrella term for all email scams is social engineering. Its only purpose is to use deception to manipulate you to give out confidential information. They use this information to steal your intellectual property, credentials, money, anything of value in general.
Phishing is the one time that imitation is NOT the sincerest form of flattery. In fact, that sentence should be re-written as "Imitation is the sincerest form of trickery."
As the most popular type of email scam, most phishing emails will include the following things:
- Ask for personal information: these kinds of emails will ask for your personal/company information out right. Send us your address, social security number, or the like.
- Have embedded links: using embedded URLs that appear real. Think: you see USPS.gov, but it actually leads to suspicious, dangerous, and fake websites.
- Urgency: the emails sound urgent. MUST deliver by said time or lose your space if you don't comply now, etc.
These emails are usuallly poorly written. But other times, they look, read, and sound as if they're real. Their primary focus is to steal user credentials and/or information.
Consider baiting phishing’s first cousin. The main difference between the two is urgency vs. promise of goods. While phishing needs something accomplished right away, baiting promises you something for free. Think, free movie tickets, free music, free subscriptions.
Another distinguishing factor between the two is that baiting can be done via free goodies, like thumb drives. Once the encrypted thumb drive is plugged into your computer, it can steal your passwords.
Another form of deception flattery is whaling. This type of attack is set to a narrower target and is made to look not only believable, but also trustworthy to its target.
Whaling emails masquerade as senior executives asking for their employee to do something. A sample email might look like this:
Hello good afternoon
As we spoke earlier, there are several pending payments. I will send you the available documents once the wire transfer has been processed.
How soon can I expect this transfer to be done?
It seems simple enough to ignore, but imagine if this landed in the inbox of a busy accounting professional?
Whaling scams will always come from a person of authority and be looking for money in any form. Things like money transfers, bank payment, or even W2's.
They're easy to miss because they have common language and are usually human-written, so spam filters can't identify them as easily.
Harpooning and Whaling are the same scams; the difference is the recipient.
While in whaling, the hacker is parading around as the CEO, harpooning is when the C-levels are the email recipients.
These emails usually have personal information about the C-level and will look like a legitimate company sent it to them. While subject lines vary, they tend to say things like "critical" or "urgent."
Using embedded links to malicious URLs or attachments, the C-level’s computer becomes infected with malware. The hacker can now collect whatever information they please.
In short, piggybacking is a download you authorized that came with smaller software tied to it.
Most, if not all, of us have fallen to some kind of piggyback. Have you ever noticed after updating your web browser a new toolbar has now attached itself? That is piggybacking.
These are dangerous because you might click something in an email and allow it to "run."
Your computer seems unchanged, so you assume it was a broken link and that your computer is fine. This hidden spyware has other plans. It’s now just sitting on your computer waiting for you to open anything that requires a password to collect your credentials.
All scams pose a danger to every organization, big or small. It's vital that your employees are educated on how to identify email scams.
Whether you use a managed IT services provider or an internal IT department, look to them for guidance on best practices. Hold companywide training, and be sure to keep everyone in the loop on current threats.
Things change rapidly in the world of tech. We'll keep your business up-to-date on the latest information technology news so you can stay in the know
About Accent Computer Solutions
Accent Computer Solutions is a managed IT services, cyber security, and IT support provider, serving businesses with 40 – 500 employees throughout Southern California. Businesses come to us because they want to use technology to move business forward and get the expertise they need to manage cyber risks and regulatory compliance. We can work alongside your internal IT team to make them more successful, or we can become your entire outsourced IT department. We also assist companies that need to attain CMMC or NIST compliance and uncover security gaps with cyber security assessments.