Cybercriminals use phishing emails to trick individuals into clicking on a link or email attachment embedded with malware in order to gain access to sensitive information, passwords, or banking or credit card details.
Spear phishing emails are highly targeted and only sent to specific individuals, often using information from the internet to make the emails look personal and legitimate. For example, the email would appear to come from a known employee within the company, but the email address reveals that it was sent from an external source.
Clone phishing is a type of attack where a legitimate email is cloned and then resent from a lookalike address, with the original links or attachments replaced by malicious ones.
Another method is the use of ransomware. Thieves encrypt data so that it is unavailable and demand a ransom in return for a code to decrypt it. The FBI warns victims not to pay the ransom because thieves often do not provide the code.
Scammers have improved their tactics, and their emails now look very realistic. In the past, scam emails were easy to recognize by their poor grammar and spelling mistakes. The addresses from which they are sent are also very hard to distinguish visually from those of recognized companies.
Scammers refine their tactics to exploit human weaknesses: the desire to please superiors, fear of breaking the rules, and curiosity. Cleverly playing on these weaknesses, cybercriminals try to make people act before they think.
Educate yourself on email phishing scams and learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card company and even the IRS. Do not click on links or download attachments from unknown or suspicious emails.
The Security Summit recommends several steps to protect against data theft:
- Use separate personal and business email accounts, each protected by a strong password.
- Install anti-phishing tools that may be included in security software products.
- Use security software to protect systems from malware and scan emails for viruses.
- Never open or download attachments from unknown senders.
- Send only password-protected and encrypted documents.
- Do not respond to suspicious or unknown emails. If the email is IRS-related, the IRS encourages users to forward it to phishing@irs.gov.
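
The sender checks that anti-phishing tools automate can be sketched in a few lines. The Python below is an added example, not taken from the Security Summit or any product: it flags a known employee's display name on an external address (the spear phishing case above) and domains that are visually close to trusted ones (the lookalike addresses above). The company domain, employee names and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: every name and domain here is an assumption.
COMPANY_DOMAIN = "example.com"
TRUSTED_DOMAINS = {"example.com", "irs.gov"}
EMPLOYEES = {"alice johnson", "bob smith"}
# Digits often substituted for look-alike letters in spoofed domains.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return a list of findings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # A known employee's display name on an address outside the company.
    if name.strip().lower() in EMPLOYEES and domain != COMPANY_DOMAIN:
        findings.append("display-name-spoof")
    if domain in TRUSTED_DOMAINS:
        return findings
    # Internationalized domains can render identically to ASCII ones.
    if not domain.isascii() or "xn--" in domain:
        findings.append("non-ascii-domain")
    # Undo common visual substitutions, then compare with trusted domains.
    skeleton = domain.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton == trusted or edit_distance(domain, trusted) <= 1:
            findings.append("lookalike:" + trusted)
    return findings


if __name__ == "__main__":
    for header in (  # constructed sample headers
        "Alice Johnson <alice.johnson@example.com>",
        "Alice Johnson <alice.j@mail-service.test>",
        "Bob Smith <bob@exarnple.com>",
        "IRS Notices <notice@irs.qov>",
    ):
        print(header, "->", check_sender(header) or "ok")
```

A clean result only means the sender address passed these checks; a message sent from a compromised legitimate account would pass them as well.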