As technology continues to advance, so do cyber criminals in their quest to deceive and manipulate individuals into divulging personal information that can be used for fraudulent purposes. It has been reported that 98% of cybercrime attacks rely on the human element, by pretending to be a known person or legitimate entity to access confidential information for illegal purposes. This is known as social engineering. Most of our clients report having been targeted. One social engineering technique used by cyber criminals is called phishing. This involves the use of email or text messages in an attempt to trick individuals into providing personal and/or financial information to a cyber-criminal. A phishing email will state it is coming from a familiar or trusted source such as your bank, the DMV, a credit card company, the IRS, Amazon or ITunes and even FedEx or UPS. If you are not expecting a communication from a company and you receive a note asking you for personal information or asking you to confirm something by clicking a link… beware. You could be the target of a cybercrime. This applies to text messages as well.
Here is a real life example of a phishing text message:
NyDMV
Are you REALID ready?
On May 3, 2023, U.S. travelers must be REAL ID compliant to board domestic flights and access certain federal facilities. Please fill the form below to comply with REALID.
Visit: Insertasuspiciouslinkhere
Some examples of cyber crime phishing emails we have seen are:
An email stating a package delivery was attempted but is now being held until delivery is confirmed via the click of the link.
There is a problem with your credit card on file for your Amazon, ITunes or PayPal account. “Click the link to update”
The IRS is reaching out about a tax refund owed to you.
A coworker, friend or family member asking you for a financial favor, to purchase a gift card on their behalf, or send money.
Your credit card has been hacked and immediate action is required to resolve.
A text or email with a phone number or email address that appears wholly legitimate
An invoice from a known source requesting payment to a specific bank that is not legitimate, or a second invoice with updated wire instructions. These can often be sent by smaller businesses which may be more vulnerable to cyber attacks, like your dentist, landscaper, etc.
A the click of a button, cyber criminals can gain access to your personal, financial and other account information. If you receive a suspicious text or email, do not click the link! It is best to confirm the senders identity using the official contact information from the institution directly, and not the information presented in the email. If an email or phone number is included with a suspicious link, this should not be used as it may be a direct line to the cybercriminal.
Here is an example of a phishing email received in our office:
Here a few red flags that a communication is potentially spam:
The actual email address or the sender does not have an official @company.com email address. They usually contain miscellaneous letters and numbers. In some cases, spam email addresses may not be obvious.
There are many typos or grammatical errors.
The person is requesting information such as account details, username or passwords.
There is a sense of urgency behind the message, a threat or promise of something that is too good to be true.
Avoid clicking on any links within emails where you are not certain of the sender whenever possible. If you do find yourself in a scenario where you have clicked a link and fall victim to cybercrime, cyber insurance may be able to help. Reach out today to learn more about cyber coverages offered by our insurance carrier partners.
Commentaires