As tax season wraps up, the opportunity for persons or groups willing to leverage malicious emails in order to scam unknowing parties is just getting started.
We all have a keen interest in making sure that our taxes are done properly. If you see an email in your inbox that alludes to a refund or, if you aren’t so lucky, a mandatory payment, it’s going to get your attention. The last thing you want is to get into a fight with the IRS. Although most people are aware that the IRS won’t contact them via email, the increasing digitization of our tax process has helped confuse the matter.
It’s really quite simple for scammers to create official-looking emails by emulating logos, fonts, even the wording of actual IRS emails. There have been numerous examples of fake ‘Tax Refund Notification’ emails being circulated. They usually offer the incentive of a small refund, usually a few hundred dollars. The email also includes some call to action that is in actuality the first step that leads the recipient into the scammer’s trap. Often these calls to action ask the recipient to click a link, which in turn takes them to an official-looking – but bogus – website. This is the very definition of “phishing”.
How Susceptible are we to Phishing?
Is it getting easier, or harder, to identify phishing attempts? Phishing emails can sometimes be quite easy to spot. Poor grammar and obvious spelling errors give them away. But scammers also have another tool to leverage – obfuscated URLs. These are URLs that are often shortened or otherwise altered in order to make it more difficult to determine the address of the site they point to.
At most organizations, the phishing email only has to get past a single gatekeeper in order for it to be deemed “legitimate”. If a trusted colleague forwards you an email, the chances are that you won’t give a second thought as to whether or not you can trust the source, and you are much more likely to fall into the scammer’s trap.
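As an added illustration (not part of the original article), the Python sketch below shows how a mail filter could flag links that hide their destination in the ways described above. It goes slightly beyond shortened links by also checking for a trusted name placed before the real host and for link text that names a different site; the shortener list, function names and sample email are all assumptions constructed for this example.

```python
import ipaddress  # not needed for the checks below; kept out of use intentionally
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: small sample, not a complete list

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_link(href, text):
    """Return the reasons a link hides or misstates where it leads."""
    parts, reasons = urlsplit(href), []
    host = (parts.hostname or "").lower()
    if host in SHORTENERS:
        reasons.append("shortened")
    if parts.username is not None:  # https://trusted-name@real-host/ form
        reasons.append("userinfo-before-host")
    # Visible text that is itself a URL or hostname but names a different host.
    if "." in text and " " not in text:
        shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
        if shown and shown != host:
            reasons.append("text-host-mismatch")
    return reasons

def scan_email_html(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: flag_link(href, text) for href, text in parser.links}

SAMPLE = (  # constructed email body; hosts and paths are placeholders
    '<a href="https://refund.example.net/claim">www.irs.gov/refunds</a>'
    '<a href="https://bit.ly/EXAMPLE">Claim now</a>'
    '<a href="https://www.irs.gov@login.example.org/">Log in</a>'
    '<a href="https://www.irs.gov/refunds">https://www.irs.gov/refunds</a>'
)
```

A shortened link is not proof of phishing on its own; a filter would typically resolve it in a sandbox or hold the message for review rather than block it outright.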
Phishing attacks continue to exploit us based on human nature – greed has given way to anxiety – but they are now also more targeted.
Phishing scammers leverage the online information which, in many ways, we’ve already voluntarily surrendered. Attackers can target specific demographics based on information that is readily at hand. For instance, university students may be offered access to a much-coveted scholarship at the beginning of the school year.
Phishing attacks are also becoming more adept at reacting to and riding publicity waves or popular trends in order to engage their victims. Specific events that affect most of us in one way or another (Black Friday, Mother’s Day, tax season, etc.), or a recent data breach at a major retailer, or even fake news are all now being used to capture our fleeting amounts of attention in order to launch attacks.
Phishing is no longer limited to email. Late in 2016, social media phishing spiked, increasing nearly 500%. Fake profiles were allowing phishers to masquerade as representatives for well-known companies and respond to posts left by users on social media sites by sending them a bogus link.
Phishing will continue to evolve and will become increasingly difficult to detect. Educating users is still worthwhile, but basic threat intelligence solutions combined with a managed network service can effectively deal with phishing attacks carried out using the company name.
For information on how Capital Business Systems can help you implement a secure network service to suit your business and your budget, please contact us.