Michelle Drolet is CEO of Towerwall, a woman-owned, cybersecurity services company based in Framingham. You may reach her at michelled@towerwall.com.
Updated: April 12, 2021
10 things
10 Things I know about ... Phishing scams
By Michelle Drolet
10) Phishing is the most pervasive attack for compromising your business. Up to 90% of security breaches are the result of social engineering and phishing. A Stanford study claims 88% of breaches are caused by employee mistakes.
9) While phishing attacks seem like ordinary spam, it’s a mistake to view all phishing attacks as generic. Emails, texts and social media posts target anyone who clicks on the message, which then initiates the real attack.
8) With COVID vaccination rollout dominating headlines and kitchen tables, scammers are exploiting on scene, using email, text and social media to phish millions. Every day, Google blocks more than 240 million COVID-related spam messages.
7) Cyber-attackers like to pose as legitimate businesses, government entities and nonprofit groups to fool people into sharing private or sensitive information: clicking a bogus URL will download malware, potentially steal or encrypt your data, setting a trap for ransomware.
6) Scammers toy with human psychology, knowing we are socially distanced yet hungry for social connections; they prey on our curiosity, our distractions, anxiety, and need to stay informed. Social engineering and the spread of misinformation thrive in this environment.
5) Smishing, another method of phishing, involves the use of texting as a delivery mechanism to launch an exploit, knowing how text messages have higher open rates than email.
4) Vishing (phone spoofing) is another attack vector. These robo calls intend to bait people, usually the elderly, into sharing personal information, send money or reset a password.
3) Sockpuppet accounts – entirely fake social media accounts serving as automated, self-propagating bots worsen the situation by increasing phishing attack levels, disseminating false content for financial or political manipulation, successfully dividing friends and family into warring factions.
2) Avoid oversharing personal and professional life details on social media: spear phishing exploits these to bait and convey their messages as legitimate. Verify requests for money transfers, invoices or payment by confirming identities.
1) Work with a local trusted partner to up your security and phishing awareness via simulated training exercises to help root out and repel cyber trickery. Simulated phishing can reduce the average phish-prone percentage by 60%.
WBJ Web Partners
Most Recent
Most Recent
0 Comments