3 New Ways Phishers Are Hooking You

Ever inventive, cyber-criminals who specialize in phishing scams are finding new ways to hook you and your personal financial information.

The days of amateurish phishing expeditions filled with typos are long gone. It’s our hope that by learning of the latest techniques, you can stay one jump ahead of this insidious scam.

Survey Phishing
In this ruse, the tired old phishing device asking recipients to “update their accounts” is jettisoned in favor of a purported survey from a bank or other trusted business. Phishers sweeten the pot by promising participants a $5 bonus.

Those who fall for the “survey” actually find themselves telling criminals their account number and PIN, which are then used to clean out their account.

Spear Phishing
Traditional Phishing relies on a scatter-gun approach: many thousands of e-mail users are contacted, in the hopes that a few will respond. The new phenomenon of spear phishing is much more selective. Criminals harvest the e-mail addresses of a small number of people – perhaps only four or five – who work for the same organization. Then, using a “spoofed” e-mail address that looks like it’s from the same organization, they send out a message purporting to be from the company HR or IT department.

Recipients are more likely to fall for spear phishing because they trust the sender, who appears to be a fellow employee. So many unhesitatingly reply with sensitive information such as computer passwords. Which, of course, is where the trouble begins.

Merger Phishing
In this con, phishers capitalize on the large number of mergers in the financial-services industry (there are about 1,500 each year). The idea is that a phishing e-mail seems more credible when it discusses a merger that’s actually in progress. Customers of Bank A are informed, for example, “We’re Bank B, and we’re requesting your account number as part of the merge …”

© National Security Institute, Inc.
– This article is the property of the National Security Institute and my not be copied or redistributed in any fashion without an appropriate licensing agreement. For more information and FREE samples, visit http://nsi.org/SECURITYsense2.html.

See Also: Strengthening Microsoft 365 with Human-centric Security

About the Author

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.