3 Types of Phishing Scams to Share With Your Remote Employees
If you’re like most companies, a sizable portion — if not all — of your employees began working remotely due to the pandemic. Many companies have seen the benefits of this practice and are making plans for employees to continue to work from home. This can save companies thousands of dollars a month, while at the same time preventing the spread of COVID-19. The downside, however, is that working remotely can harm your email security by increasing your vulnerability to phishing threats.
There are three main types of phishing scams to be aware of. Included in this newsletter are tips on how to protect your business from these online threats. This is especially important for businesses with remote employees who work from home or don’t have someone in the office to verify email legitimacy for them.
As previously mentioned, human nature makes us more susceptible to phishing scams at the moment. However, since you cannot be 100% sure that an employee will not fall for a scam, the next best solution is to share these potential dangers with them so they do not fall victim. With this in mind, we have gathered three types of phishing scams and how to tell them apart from the real thing.
The three biggest phishing threats your remote employees need to be aware of are:
Ransomware and Malware
We’ve analyzed industry reports to identify trends in ransomware and malware attacks, to determine where cybercriminals are launching their attacks, and what types of vulnerabilities to look out for. Our malware team recommends that you assess your company’s network security configuration settings to determine which vulnerabilities need to be fixed. Contact us to learn about the services we provide to mitigate the risk of ransomware and malware attacks.
Do not take the bait and open any attachments from unknown senders. Even if the email appears to be from a trusted source, always double check any email attachment for signs of corruption or suspicious behavior. The last thing you want is ransomware or malware overrunning your organization’s computer system.
These spoof emails can appear to be from government agencies like the CDC or from your HR department or organizational leadership. Your employees have likely received quite a few legitimate communications about COVID-19 while working remotely, which has potentially lowered their guard.
Spear Phishing
Spear phishing is a real threat, and it’s only increasing. In fact, many say it’s going to be the cyberattack that disrupts business worldwide. Nowhere is spear phishing more dangerous than in the hands of a COVID-19 ransomware attacker. A COVID-19-themed attack takes advantage of employee trust and uses spear phishing tactics, posing as a seemingly legitimate source (again, like your boss or a vendor), to gather credential validation information and gain access to company accounts and data. The security awareness training program has spam filtering, but can it stop an employee who trusts someone enough?
The right phishing email can worm its way into even the best information security programs. The scam begins with emails sent from a bogus email address that purports to be your organization’s outsourced nurse case management team, or your email provider (Gmail, Yahoo Mail and others) asking you to acknowledge a change in their terms of service and provide updated account information. It may ask for personal details such as address, credit card information and social security number — everything an identity thief may need to complete the scam.
Business Email Compromise
Business email compromise (BEC) cost U.S. businesses $1.7 billion in 2019. It can target anyone in your company who performs transfers of funds. Business email compromise (BEC), also known as CEO fraud, is a widespread threat that continues to grow. The FBI reports that BEC scams have cost U.S. businesses $1.7 billion so far this year, and the average loss amount reported by the FBI was $140,000 in 2019, up from $119,000 in 2018. BEC is the number one scam targeting businesses. It is a newer scam where hackers impersonate your business contact and request that funds be wire transferred to an account the business doesn’t control. This new phishing scheme can target almost anyone in your company who performs transfers of funds.
Ask your employees to follow basic email hygiene practices to prevent unauthorized intrusions. Deploy the latest anti-virus software to thwart malicious payloads distributed by email, and implement email authentication services like DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) to prevent email spoofing. Besides email security, enforce strong password and authentication management policies to boost the security of business email accounts.
BEC is an attack that can be hard to prevent. It often relies on impersonating trustworthy transfer requests or fake invoices to trick recipients into sending money. The sophistication of the attacks makes them hard to notice. But businesses can implement security best practices to protect themselves from BEC attacks, including awareness training for employees and policies around employee computer use and Internet access. Phishing emails that request bank account information, wire transfers or other business actions are common, but one very specific form of cyber attack is rapidly gaining ground: Business Email Compromise (BEC).
BEC adversaries are relentless in their pursuit of monetary gain, continually refining their tactics in order to trick employees into making fraudulent wire transfers. This threat is compounded by the growing tendency of businesses to conduct business online through vendors and partners that they may not know very well. Some aspects of BEC attacks will be familiar from phishing or other forms of social engineering. But the reality is that BEC differs in its very nature, given its reliance on impersonation of existing entities with which businesses already do business.
BEC threats are designed to trick employees into making a wire transfer payable to a scammer. Learn how to prevent BEC schemes and keep employees from falling for them. You’ll also learn how BEC threats have evolved to become a prime security challenge facing many organizations, including examples of common BEC offers, how they can be adapted to target different industries and business types, and the best ways to train employees not to fall victim.
Source: https://atozcybersecurity.blogspot.com/2021/09/3-types-of-phishing-scams-to-share-with.html