Cybercrime takes many forms. It’s crucial for an individual and an organization to always take extra precautions to protect their assets. Below are some examples of cybercrime you need to be aware of, along with some information on how to protect yourself better.

Phishing

Do you know that phishing is the most common type of cybercrime? About 74% of organizations experienced successful phishing attacks. In this type of crime – cybercriminals will send you an email pretending to be someone else like your bank. They will try to get sensitive information from you and use this information to steal your money.

The most common subject lines of a phishing attack include:

• Urgent
• Important
• Attention
• Payment
• Request

When these are successful, the information compromised is usually personal data and credentials such as usernames and passwords.

Don’t fall victim to these phishing attacks. When you get an email from an unknown email address, always check the domain and inspect the URLs in the emails for legitimacy. Also, keep in mind that banks will never ask for your personal information via email, especially usernames and passwords.

You can protect yourself from phishing attacks when your computer gets reliable security software. As much a possible, protect your account using multi-factor authentication and always back up your data, so you don’t lose them.

When it comes to scam protection, don’t hesitate to get in touch with DSS.

Spear Phishing

Like phishing, the attackers will make the scam more believable by researching you first. They will attempt to learn your name and address for you to think that they are genuine. In spear phishing — while attackers would fool the employees or managers, the real target is usually the business itself.

These types of scams will be personalized, and email spoofing or dynamic URLs may be used. To bypass security controls, the attackers may ask you to download something. An example of this is when you get an email from Human Resources asking you to log in to a portal using our username and password. When you click on the link in the email and attempt to log in to a fake webpage, your credentials will be captured by the cybercriminals. They can then use these to access your network.

To keep you safe, enable two-factor authentication on your accounts to add an extra step to the login process. Also, when someone emails you something “important” to download or asks you to send a money order to a company account, ensure that you call the sender first. You can also check for the email domain. If the domain is different, it’s most likely a scam.

Vishing

Vishing is the voice-call version of phishing. The attacker will call you from an unknown number pretending to be from a familiar company. They may claim that they are from your bank, the IRS, Social Security Administration, or Medicare. You can spot a vishing scam as there is almost always a sense of urgency in these calls. Scammers will tap into your fear, such as threatening you or informing you of a problem in your bank account.

Some examples:

Compromised bank accounts – they may tell that there is an issue with the last payment you made

Investment offers – these are offers that are too good to be true, such as making a small investment.

IRS tax scam – some of these calls are prerecorded, and attackers may inform you of an issue in your tax return.

To protect yourself, consider joining the DNC list. Always verify the caller’s identity if they provide a callback number. You can also simply not pick up the phone when you don’t recognize the number. Most importantly, never give out any of your personal information over the phone.

Smishing

Also called SMS phishing, attackers will try to scam you by sending you text messages and asking you to click on a link. Be careful when getting strange messages; never click on any link or provide sensitive information, as cybercriminals will use this information to steal money from you.

Cybercriminals may ask you to download malware or lead you to a fake website. To prevent smishing, never respond to these types of messages. Instead, check the phone number and call your bank directly, especially when you are doubtful.

Whaling

This type of attack is usually planned over a long time and targets one person, typically either an executive or a CEO. Attackers will go to great lengths to learn about the person, such as stalking him online. Some may even use spear-phishing to gain access to the business network and learn about the executive through his email communications.

The ultimate goal for a whaling attack is usually wire fraud. For example, a financial executive may get an email from someone asking them to transfer a huge amount of money to a vendor. The email may also contain some urgency of some kind, such as asking them to rush the transfer because they are at the airport heading to another place. Because these attackers will do anything to succeed, they may have researched that the other person indeed planned to go somewhere, and it would make the email genuine.

If you’re not careful or don’t have reliable business security in place, you may lose millions or billions in a Whaling scam.

A few tips to avoid this type of scam:

• Check for the legitimacy of the email, such as the domain name. Ensure it matches the company
• Always stop and think before responding to an email.
• Invest in comprehensive cloud email security.
• Consider establishing a secondary means of communication for verification purposes.