Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when a cybercriminal, masquerading as a trusted entity, tricks a victim into opening an email, instant message or text message. Below are 6 common types of phishing attacks to be on the lookout for!
Account verification phishing emails appear to come from a well-known company (i.e.: Netflix) and will ask you to sign in and “correct an issue” with your account.
You will usually find a link that will point you to a website pretending to be a company’s legitimate site — this is where the hackers will ask for your login credentials.
TIP: Do not click any links in the email — directly log in to your account by typing the address into your web browser. If you are unable to log in, contact the service using official contact information.
Cloud File Sharing
This type of email contains a link to what appears to be a shared file on Google Docs, Dropbox or another file-sharing website.
Again, the email will contain a link which points to a page pretending to be a file-sharing site and requests you log in
TIP: Do not click any links in the email. Instead, log in to your account and find the shared file by name. Remember to verify sender identity and use established cloud file sharing services.
These types of phishing emails come from a domain similar to the DocuSign domain.
Much like the others, a link will prompt you to sign in to view the document, giving attackers total control of your inbox. These types of phishing schemes can be tricky if you’re an avid user of DocuSign (or alike) tools.
TIP: DocuSign never attaches items to email — attachments are likely malicious. Instead, access your documents directly at www.docusign.com.
These types of malicious emails contain a document presented as an unpaid invoice and claim service will be terminated if the invoice is not paid.
Unpaid invoice phishing scams usually target individuals (by pretending to be a retailer) or businesses (by impersonating a vendor or supplier).
TIP: Do not reply to the email. Contact the vendor/service directly using official contact information before submitting payment.
These types of phishing attacks appear to come from popular delivery services (FedEx, UPS, etc.) or online retailers and include a delivery notification with a malicious link or attachment
TIP: Do not click links or open attachments in unexpected delivery notifications. Instead, visit the delivery service’s official website and enter the tracking information, or call the delivery service’s official phone number.
Emails appearing to come from a government tax revenue agency (e.g., IRS in the U.S.).
These types of scams will claim you are delinquent on your taxes and will provide a means to fix the issue before additional fines or legal actions are pursued.
TIP: Never share personal or financial information via email. Only use official communication channels to contact revenue agencies!
Remember: The most vulnerable target at many organizations isn’t a system or technology —
61% of businesses reported a cyberattack in the last year. Contact Verity IT to construct your cyber readiness plan today!