The reason phishing attacks remain popular is they’re extremely effective. The best ones can go nearly undetected and can cause devastating damage to individuals and companies. You will want to be on the lookout for these three active attacks.
Phishing attack 1: Holiday shopping
Hackers are taking advantage of the popularity of online shopping this time of year. They’re sending out emails disguised as receipts from Amazon, eBay and other online retailers. And unlike lots of fake messages, these aren’t always easy to distinguish from the real thing.
Other common disguises for phishing attacks this time of year include failed package delivery notices from FedEx, UPS or the postal service. It wouldn’t be surprising to users that a package would be delivered, so they might just enter some information to verify it.
How to stay secure: Receipts, banking information, and other sensitive materials would never come in the form of a Word or PDF attachment. If you get a message that appears to be from a legitimate source, you should log into your account in a separate browser window and check for notifications there. That’s where companies would actually post the information.
Phishing attack 2: No more creating sites
According to a recent Google report, some well-designed phishing attacks have a 45% effectiveness rate at stealing personal information. That’s astonishingly high. Part of the reason these attacks are so effective is that they are well-crafted. Great time and effort is put into making the sites look just as legitimate as the real thing. But TrendMicro has recently discovered a phishing attack that doesn’t need to create fake pages at all. Instead, hackers create a relay page that users are tricked into opening. From this relay page, they browse the actual, legitimate site as usual. It’s only when they go to check out their purchases that they’re sent to a malicious copy of the checkout page that collects their account information.
Without needing to create similar-looking sites, one of the most labor-intensive parts of the phishing process is taken away – along with the easiest way to detect a forgery: design mistakes. Everything looks legitimate, and users likely won’t realize they’ve been had until their information is gone. The icing on the cake: Users even get an automatically generated confirmation email of their purchases (which will never actually arrive).
How to stay secure: These attacks are mostly being run overseas and have not made it to the United States yet, but be on the lookout. If you get special deal emails from websites you don’t normally use, go to the website directly instead of using links. Any deals posted in emails will also be on the store’s website.
Phishing attack 3: Preying on instincts
One final type of attack to be on the lookout for: the opportunistic ones meant to cash in on users’ fears and sense of compassion. Most recently, that means Ebola phishing scams. It started as fake news stories meant to prey upon users’ fears and offers of medications or other “beneficial” services.
Now, attackers are moving on to another basic emotion, sympathy. They’re setting up fake charitable organizations or soliciting donations for real ones that will never reach the intended charity.
How to stay secure: Using current events to fool users into giving up information is nothing new. You should only give directly to trusted organizations and realize that in the wake of any disaster or tragedy, there are bound to be scammers looking to cash in.