2020 Goes Phishing: 10 Most Effective Scams This Year

Strange correspondence in your email inbox? Unsolicited phone call from corporate? Though you may not know it, you’re on the wrong end of a phishing scam—and it’s time for you to sink or swim.

Phishing, or deception via electronic communication to obtain sensitive data, is a notoriously common practice among cybercriminals. Phishing scams may ask for your personal information to send you a supposed reward, pass on an urgent warning from an alleged government institution, or even pose as your employer, asking you to open a file or click on an everyday link.

Phishing scams are rampant today, and experts warn that the easiest to fall for are also the easiest to miss. The most successful phishing scams are the ones that look like everyday messages—corporate updates, package notifications, and so on.

October is National Cybersecurity Awareness Month (NCASM), so it’s a great time to remind yourself and your coworkers about defensive basics:

  • Keep an eye out for misspellings, inconsistencies, and other small oddities in text and addresses.
  • Think before you click—hover over links to confirm they’ll take you to where you’re expecting to go.
  • When in doubt, check with the supposed sender before you take action.
  • Immediately report any suspicious activity to your IT team so they can take action ASAP.
  • Keep your team abreast of the latest forms of social engineering—they change rapidly, so that’s what we’ll dive into next…

The 10 Most Effective Phishing Scams of 2020

  1. Company Conduct Updates

We’ve all clicked through Terms of Use agreements, and when Human Resources rolls out revisions to your company’s code of conduct, the temptation to do the same may be strong. But this is a classic setup for a phishing scam: a mundane task that takes little time to complete and requires you to click on an external link. Not sure whether the update is genuine? Get in touch with your HR department and get your answer straight from the source.

  2. Delayed Tax Summary

Tax documentation is a headache waiting to happen, and finding out that your annual summary will be delayed summons anxiety and irritation in equal measure. This scam can be thwarted by speaking with your superior or payroll department. Beware of simply asking your coworkers if they’ve received the same message, because this dupe is often office-wide.

  3. Upcoming Server Maintenance

This one isn’t work-exclusive—you’ve probably received this message from sites you have an account with. Be particularly wary of reported server outages, as the remote-working world has become increasingly reliant on company servers, and get in touch with your IT security team if you’re not sure.

  4. New Assignment

Tasks sent down from the top are hard to ignore, especially when this scam uses the same scheduling system that your company does to trick you. It’s important to be aware of which tools your company uses, for scheduling or otherwise, and how public they are; services that are cloud-based or open to everyone are easier for malicious actors to spoof.

  5. Testing New Email Systems

This phishing scam will ask for your username and password under the innocent guise of trying out a new email system. It’s always a good idea to contact your supervisor for verification, especially if you’re not aware of any such change or don’t recognize the service in use.

  6. Vacation Policies

These extraordinary pandemic times have made taking leave all the more complicated, and hackers will take advantage of any points of consternation in an organization’s policies. Beware of scams claiming COVID-based changes… and the allure of a good vacation.

  7. Your Lights Are On

Another deceptively simple scam with an astonishing amount of mileage: hackers will send out spoofed emails informing employees that someone has left their car’s lights on, with a “link” to a picture of the car or license plate. Although it may sound ridiculous, these scams can and have deceived the average worker—just remember that if an email seems strange, it’s best to assume that it’s not just in your head.

  8. Failed Package Delivery

You’ve probably come home to UPS slips notifying you that your package could not be delivered. Digital notifications are much easier to fake, and far more nefarious, particularly when people are taking advantage of delivery services to purchase everything from groceries to new tech in the age of COVID-19. Always track your packages through an official site and complete the multi-factor authentication involved.

  9. Secure Documentation

It’s not hard to believe that your company would send out secured documentation; encryption is a tried and true strategy that can prevent hackers from obtaining sensitive data if they break into your systems. This scam will ask for your company username and password to view a supposed important document, or even ask you to edit security settings; yet another scam easily avoidable by getting in touch with Human Resources or another company authority.

  10. Social Media Notifications

Got FOMO—a fear of missing out? Emails from your social networks letting you know what’s happened since you’ve been gone can be particularly enticing. In the case of these spoofed emails, it’s best to look for inconsistencies in spelling, grammar, and the email address of origin. Illegitimate notifications usually contain errors, from random capitalization to minor typos.

Don’t Get Hooked

The best security measures beat hackers to the punch, and that means having a culture of security awareness. Your ideal prevention methodology pulls from worst-case scenarios to develop an effective, adaptive defense against cybercriminals.

With our Social Engineering Evaluation, our seasoned team of security experts draws upon dozens of schemes used in present-day breach activity. Complementing our robust IT Security Assessment, the Social Engineering Evaluation offers several enhancement options:

  • In-Person or Over-the-Phone Security Audits
  • Endpoint Compromise
  • USB Flash Drive Drop
  • Black Box Placement
  • Multiple Scenarios

Don’t wait for your team to get hooked by phishing or other clever cyberattack methods—contact us today to uncover your true security posture and how to shore up your vulnerabilities.

Posted in BAI Security Blog, Security Risks, Social Engineering.