Way back in November 2019, we posted a blog about the types of Phishing emails for which you should be on the lookout. If you don’t remember or are unaware of the destruction phishing can cause, you may want to check it out here. Fast forward to Phishing 2021, where the scams are no longer limited to emails and the scammers are even more prevalent and scams are more complex.
Like most things in IT, scammers have become more sophisticated when it comes to phishing. In the past, they would entice you into their scam through an email, but 2021 has seen an upswing where they have upped their game to include texts and even letters. Scammers want to steal your passwords, account numbers, Social Security numbers, and more.
Recognizing a Phishing 2021 Scam
The letter below was recently received by this blogger:
At first pass, it certainly looks valid, but a second look shows a few hints that make it apparent it is a phishing exercise.
- The person who received this letter did not apply for a credit card between July 2020 and March 2021.
- If you choose to re-apply, a new credit report will be requested. Can you imagine the personal information this scammer will learn through your new credit report?
- “We accept relay calls” Have you ever seen that in a credible business letter?
- Notice there is no company name on the letterhead.
This is a very creative, complex, and scary tactic, especially since most people are now aware of scammers emailing and texting. They are not expecting someone to be brave enough to chance being caught and fined for mail service fraud.
The Federal Trade Commission (FTC) suggests you watch for communication that tells a story asking you to click a link, open an attachment, or call a telephone number. Specifically, these communication pieces may
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
If anything suggests it might be a scam, do not click, call, or phone. When in doubt, contact the business by another means that you know is safe.
Protection From Phishing 2021
Like most things, the best protection is awareness and education. Educate and train your employees to be wary of any type of communication that requests sensitive information, regardless of whether it is personal or corporate-related. Since scams are no longer limited to emails, they must be more diligent than ever before. If you need help training your team in how to detect phishing and other scams, Workforce IT of Jacksonville is well versed in this area.
There are software solutions that can help organizations if the scam arrives through text or email. Microsoft suggests using their Windows Defender Application Guard, Microsoft Exchange Online Protections (EOP), or Microsoft Defender for Office 365. Of course, there are many other online solutions. Make sure you understand your organization’s security health and your needs. Research the companies offering protection and the services they provide.
Attackers relentlessly target organizations with spam, phishing, and advanced socially engineered attacks, with 41% of IT professionals reporting phishing attacks at least daily (https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/Sophos-Phish-Threat-Datasheet.pdf). Since your employees are the weakest link in your security setup, keep your business safe through robust phishing training.
If the communication is in the form of a letter there isn’t much you can rely on for help other than your employees being aware of what to look for.
Reporting Phishing 2021 Attacks
It is important to report phishing attacks in any form. Remember, scams are no longer limited to emails and the information you give can help fight the scammers.
The FTC recommends this two-step process:
Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at firstname.lastname@example.org. If you got a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ReportFraud.ftc.gov.
Microsoft recommends even more ways to report phishing and other forms of spam. To see their recommendations, go here.