Along with shopping, decorations, sweaters with reindeer, and cheer, the holidays are also the high season for scam email phishing skullduggery.
Remember that prince from a faraway land who promised to share his country’s riches with you, and all he needed was your banking details…
These days scammers are much more sophisticated and deploy a variety of technical tricks to evade scanners and get through spam filters behind the scenes.
Scams, a growing trend
The basic idea involves pretending to be a well-known brand and offering a prize in return for some personal information. While not a new story, the scam still catches plenty of unwary people.
Giving Tuesday (Tuesday, 29 November) is a marvelous opportunity for scams impersonating credible sources such as charities, NGOs, and online shopping companies. Get ready for email messages offering giveaways or huge discounts, and all you must do is sign up.
Typically, the message claims to be the second attempt to reach you, and includes instructions to complete a survey, and add your credit card to cover a minimal charge – say shipping. Despite months of waiting, your – name, the product of your dreams, will never arrive. And while you wait, credit card or bank fraud may be underway.
Common Scam Approaches
- Claims of suspicious activity or log-in attempts
- Offers to extend a warranty or service
- Banking or other financial organizations requesting you to confirm personal information
- Requests for you to pay by clicking on a link – a common malware gateway
- Offering refunds or coupons
In a recent survey, Proofpoint found attackers successfully phished more than 80% of organizations in 2021 – a whopping 46 % scam jump from 2020.
Build a Video eLearning Email Security Course
Your team needs timely, engaging, and flexible training to meet security challenges.
Building your own IT security video eLearning library with uQualio – the video4learning platform is a simple, cost-effective way to train your people to be ready for scammers.
The Email Scammers Toolbox
The Multi-Factor Shortcut: Use Subterfuge or Be Annoying
Multi-Factor Authentication (MFA) plays a key role in online security for organizations, but lately, hackers have discovered several ways to bypass it.
Typically, attackers call targets claiming to have false credentials. Once they have established trust, the scammer simply sends the MFA request, and the victim unknowingly authorizes it. Another technique is MFA Prompt Bombing where hackers flood potential victims with countless MFA requests – often late at night or early morning.
Email Malware-Detection Bypass: Mimic Microsoft
Sure, pretending to be Microsoft can be successful, but it’s not always easy.
To gain access to your systems, attackers borrow the Azure domain or Office file types to create the image of being a trustworthy entity to scam you.
Azure’s new App Service enables organizations to quickly create and deploy web-based apps on the Azure platform. To obtain domain credibility, attackers host their malware on Azure which can cause firewalls and DNS servers to accept the source IP as an Azure domain.
The U.S. Federal Trade Commission’s list of phishing scams
Email phishing scam
The most common form of phishing, this type of attack uses tactics like phony hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as a large account provider like Microsoft or Google, or even a coworker.
Malware phishing scam
Another prevalent phishing approach, this type of attack involves planting malware disguised as a trustworthy attachment (such as a resume or bank statement) in an email. In some cases, opening a malware attachment can paralyze entire IT systems.
Spear phishing scam
Where most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity.
Email phishing scam
The most common form of phishing, this type of attack uses tactics like phony hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as a large account provider like Microsoft or Google, or even a coworker.
Malware phishing scam
Another prevalent phishing approach, this type of attack involves planting malware disguised as a trustworthy attachment (such as a resume or bank statement) in an email. In some cases, opening a malware attachment can paralyze entire IT systems.
Spear phishing scam
Where most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity.
Digital Security Depends on Everyone being Prepared and Vigilant
Better watch out, so you don’t have to cry, this year scammers have expanded their attacks, built a better toolbox, and are ready for the holidays.
Step up your game before it’s too late!
Discover the simple, cost-effective solution of making your own IT safety video eLearning courses with uQualio – video4learning.
Click here for a free trial.
Achieve Effective & Affordable Video Training
– uQualio is an award-winning, easy-to-use, all-in-one NextGen LMS software for any types of online video training.
