Call Today: 503-691-5706
  • IT Services
    • Managed IT Services
    • Cybersecurity
    • Cloud Computing
    • IT Support Services
    • On-Demand IT Services
  • IT Staffing
    • Candidates Apply Here
  • About Us
    • Testimonials
  • Resources
    • Blog
    • Cybersecurity Audit Offer from Compass Computing Group
    • Cybersecurity Checklist
    • 15 Ways to Protect Your Organization from a Cyber Attack!
    • What To Do if You´re in the Midst of a Ransomware Attack
    • Techniques to empower your cyber defense
    • Disaster Can Take Many Forms
    • Tangible Reduction of Cybersecurity Risk: Case Study
  • Contact Us
  • IT Services
    • Managed IT Services
    • Cybersecurity
    • Cloud Computing
    • IT Support Services
    • On-Demand IT Services
  • IT Staffing
    • Candidates Apply Here
  • About Us
    • Testimonials
  • Resources
    • Blog
    • Cybersecurity Audit Offer from Compass Computing Group
    • Cybersecurity Checklist
    • 15 Ways to Protect Your Organization from a Cyber Attack!
    • What To Do if You´re in the Midst of a Ransomware Attack
    • Techniques to empower your cyber defense
    • Disaster Can Take Many Forms
    • Tangible Reduction of Cybersecurity Risk: Case Study
  • Contact Us
  • You are here:
  • Home
  • Criminals are Doing Their Cybersecurity Homework
Criminals are Doing Their Cybersecurity Homework

Criminals are Doing Their Cybersecurity Homework

  • Posted by Compass Computing Group, Inc.
  • On May 7, 2021
  • 0 Comments
  • Cybersecurity Information technology, Data security, IT Solutions, tech companies in portland

Phishing scams are on the rise. And cybercriminals know full well that your staff members are their best bet for phishing attack success. Your employees aren’t dumb, nor are they being intentionally negligent. Rather, they are being manipulated by increasingly clever and realistic scams from a growing community of cybercriminals, also known as bad actors, who have done their cybersecurity homework and prey on human error.

Typo-laden financial support requests from foreign princes are a thing of the past. Today’s phishing emails are incredibly hard to detect, even for the most diligent and cyber-savvy among us. A seemingly legit LinkedIn request from a new co-worker. A FedEx tracking request branded to look identical to other legitimate FedEx tracking requests you may have received in the not-so-distant past. A survey from your HR department, with nary a typo in sight, requesting your input as they reassess their suite of employee benefits. Anything from PayPal (incidentally, PayPal is one of the most commonly imitated phishing brands in the world).

Why is Phishing So Effective?

For starters, our brains are wired to make fast decisions. “We’re moving quickly, reading through tons of email, and these criminals are doing their due diligence,” Compass Computing Group President Robert Phillips states, “If you are not paying attention, it’s so easy to get caught. We tell our clients, if they are at all suspicious about an email, to look at the ‘from’ email address. That’s usually a dead giveaway if it’s fraudulent.”

This act of manipulating employees through phishing is referred to as social engineering, and it’s on the rise. More than three billion phishing emails are sent out globally on a daily basis. It’s easier for a criminal to exploit natural human inclination and tendencies than it is to discover new ways to hack software.

Furthermore, cybercriminals are getting really, really good at their craft. They are doing a bang-up job of replicating existing workflows from trusted sources. “Something we’re seeing a lot of with our clients is wiring fraud,” Phillips explains. “One of their vendors gets hacked and sends a realistic-looking invoice. It looks legit so the company pays it. And then they find out that it was fake.”

The latest in Cybersecurity Phishing Threats

Here are 6 types of phishing scams that are keeping cybersecurity experts busy.

1. Deceptive phishing

This threat is the most common one on the list. That LinkedIn request, the FedEx tracking email, the fictitious HR survey, and, of course, PayPal – all fall under this category, in which a bad actor impersonates a legitimate person or organization. With deceptive phishing, the perpetrator is counting on users to take specific action based on the email (click here, see attached) which then launches the attack.

2. Spear phishing

Spear phishing is a phishing scam that is well-executed and intentionally targeted. Whereas other phishing threats may rely less on investigation and more on the sheer volume of targets, with spear-phishing campaigns the name of the game is quality over quantity. If your organization is on a cybercriminal’s spear-phishing radar, you can bet they are conducting extensive research to craft a credible and compelling narrative, designed to dupe their victims.

3. CEO fraud

With this type of phishing threat, also referred to as whaling and business email compromise (BEC), the bad actor is playing the role of high-powered executive. In impersonating an executive, the perpetrator coerces employees to undertake actions, such as those designed to compromise data security, like unauthorized wire transfers or providing confidential tax information. Between May 2018 and July 2019, there was a 100% increase in this specific fraudulent activity.

4. Vishing

Whereas phishing refers to scams perpetrated via email, vishing is fraud by phone call, so named because the cybercriminals use a Voice over Internet Protocol (VoIP) server to conduct the fraudulent behavior. Oftentimes, they will disguise their phone number to make it look like it is coming from the target’s region. Last August, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned the public about an increase in vishing schemes, where the attackers targeted remote workers in an attempt to obtain their digital log-in credentials.

5. Smishing

Like vishing, smishing also relies on phone numbers for exploitation purposes. However, the cybercriminal will send malicious text messages, attempting to glean personal data or trick recipients into clicking on a dangerous link. Clicking on this link can give the attacker the ability to remotely control the victim’s mobile device.

6. Pharming

In a pharming attack, the cybercriminal redirects the victim to a fake website, intended to replicate the legitimate site they thought they were visiting. From this fake site, the intent is to obtain digital credentials, such as usernames and passwords. Pharming is often used as a precursor to online identity theft.

It’s Time to Take Control of Your Cybersecurity

Cybercrime can be devastating. It’s an ever-evolving and complex field and one best left to the cybersecurity experts who specialize in keeping businesses secure and free from disruption. IT solutions provider Compass Computing Group, one of the leading tech companies in Portland, takes a layered approach to ensure a robust security plan. This includes live and modular employee training, simulations, policy and procedure development, remedial training for simulation slip-ups, and resources for ongoing education. Connect with Compass Computing Group today to take advantage of their free one-month training and simulation trial, and learn what it means to be truly cyber-aware.

Cybercrime can be devastating. It’s an ever-evolving and complex field and one best left to the cybersecurity experts who specialize in keeping businesses secure and free from disruption. IT solutions provider Compass Computing Group, one of the leading tech companies in Portland, takes a layered approach to ensure a robust security plan.

Recent Posts
  • IT Services Can Get Your Business Through Uncertain Times
  • Compass Computing Group: 25 Years Strong and Going
  • How To Build Resiliency With Better Computer Security Services
  • How Many Layers of Computer Security Protect Your Organization?
  • Winning Your IT Management Bracket
Recent Comments
    Archives
    • August 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • January 2021
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • May 2018
    • March 2018
    • February 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • April 2017
    • May 2016
    Categories
    • Cybersecurity
    • Uncategorized

    Worried About Cybersecurity Insurance? Ask an Expert

    Previous thumb

    Take Home the Gold: 5 Rings of Cybersecurity

    Next thumb
    Scroll
    Menu
    • IT Services
      • Managed IT Services
      • Cybersecurity
      • Cloud Computing
      • IT Support Services
      • On-Demand IT Services
    • IT Staffing
      • Candidates Apply Here
    • About Us
      • Testimonials
    • Resources
      • Blog
      • Cybersecurity Audit Offer from Compass Computing Group
      • Cybersecurity Checklist
      • 15 Ways to Protect Your Organization from a Cyber Attack!
      • What To Do if You´re in the Midst of a Ransomware Attack
      • Techniques to empower your cyber defense
      • Disaster Can Take Many Forms
      • Tangible Reduction of Cybersecurity Risk: Case Study
    • Contact Us

    Serving these areas:

    Beaverton, Portland, Tigard, Hillsboro, Vancouver

    @2022 Compass Computing Group.