Phishing Attacks- Guard Your Info

IT threats are becoming more and more complex and creative. With ransomware, major firms being hacked, and numerous scams, one of the fastest and most successful threats are phishing scams.

If you think this couldn’t happen to you, you’re wrong.

Phishing Explained
Phishing scams are typically fraudulent email messages appearing to come from legitimate contacts. These messages usually direct you to a spoofed website, get you to disclose private information such as passwords or to transfer money. Phishing scams are becoming more creative and very convincing.

Latest Phishing Scam Scenario

Your View:

You receive an email from a vendor that has a legitimate email address, signature, and content looks good. The vendor is requesting that you open the PDF attachment and fill out the form to update your contact information. Inside the PDF, it asks you to enter your email username and password to validate your identity. You then put in your account information and submit the form.

Malicious User View:
Now they have your username and password. They log into your email account and forward all emails to them. They may also create rules to delete certain emails as they come in and grab all of your contacts. Next, they will buy a domain name that is very similar to your email address. For example, your domain may be and they will buy a fake domain Afterwards, they will create email accounts that match your name. They will start sending emails to make the initial contact from your account to your clients/contacts and change the From address to use a fake domain.

Your Client’s View:
You client receives an email from you stating that they need to pay all of their outstanding invoices ASAP and pay using ACH to get their account up-to-date. The client will then respond to the email (now the fake domain asking for the ACH account number. They receive the ACH account number from the malicious user and transfer money to it.

Malicious User View:
The malicious user then transfers money out of the bank account and disappears.

Your View:
Reputation is damaged. Now you have to send emails to all of your contacts and clients to state that you were compromised. You may also find yourself the responsible party for lost funds on your clients’ behalf.

The Bigger Picture:
The malicious user has created a huge chain of fraudulent emails that can affect 1,000s or 10,000s of people. The Vendor was compromised and his/her account sent emails to 10s to 1,000s of contacts, you were compromised and your account sent emails to 10s to 1,000s of contacts, your client was compromised and sent 1,000s 10,000s of dollars to the malicious user. All the malicious user had to do was monitor your emails, send a few emails, spend a few bucks on new domains.

This is a very real threat and affects 1,000s of people. In fact, it has cost American businesses half a billion dollars a year. That is a lot of money and it is very successful.