If you take the Public Service Announcements (PSAs) from the FBI seriously, you will be a bit on edge about one issued in May. It claimed that phishing scams cost businesses in the United States over $500 million each year. That’s nothing to sneeze at. In fact, scammers are turning to phishing at breakneck rates. Webroot recently released its Quarterly Threat Trends Report, breaking the news that 1.385 million new and unique phishing sites are created each month.

Unfortunately, there isn’t a lot of good news to follow that. This number is up drastically from Webroot’s December findings, which determined that a measly 13,000 new sites went up per month. On top of that, the majority of the sites stay active for a very brief time: four to eight hours. That’s because the owners want to avoid having the site put onto block lists, which usually take over three days to update. By the time the malicious sites are discovered and put on these lists, they’re gone. With a lifespan that short, they can also evade traditional detection strategies.

There is something to be done, however. Scammers use very effective social engineering techniques to gather information and craft very detailed attacks against their targets. They often get this information from social media, so you can limit the information they receive.

Use caution about what you post on social media. The less information you provide, the less a scammer can find out about you merely by browsing LinkedIn, for example. Consider listing vague details about your job responsibilities, rather than specifics. Business email compromise (BEC) is still running rampant and has caught out employees of some very well-known companies, such as Seagate and Snapchat. BEC is a technique in which phishers target personnel who work in departments handling sensitive information, such as human resources and finance. So, if your social networking profile says that you work in one of these areas, it’s easier for these scammers to target you.

Don’t be afraid to network. Just be aware of these schemes and second-guess anyone asking for information such as W-2 details. Always verify the request by phone, by text, or with a personal visit to the requester’s desk before sending such information.

That said, remember that email is not typically a secure form of communication. Assume that whatever you write in any message is going to be read by someone you may not intend or want to read it.


SOURCE: https://www.stickleyonsecurity.com/sos_advisor.jspx