Did you know a simple phishing scam can cost people money, their jobs, and their reputation?
A short short story about phishing
In 2016, Walter Stephan, CEO of FACC, an Austrian aircraft parts maker whose customers include Airbus, Rolls-Royce, and Boeing, lost all three. According to Security Week, a “FACC employee wired around 50 million euros ($55.7 million), equivalent to almost 10 percent of annual revenues, after receiving emailed instructions from someone posing as Stephan.”
Phishing 101
Scammers use phishing techniques not only to dupe someone into sending them money, but also to deceive someone into divulging personal or confidential information, such as login credentials and credit card information. Once they have the information, they can easily steal a person’s identity, which can lead to heavy financial losses and ruined reputations for the victim.
How do they do it?
They may ask for information with an email that contains just enough personal information to convince the recipient the email is legitimate. They may also set up a website that poses as something it’s not, such as the login page of a financial institution. These tactics are called social engineering.
Avoid getting phished
Look for the following clues to identify whether you’re being targeted:
- Spelling mistakes and bad grammar commonly plague phishing emails.
- Links in emails may appear to lead to a legitimate website, but in fact are nefarious links in disguise. Hover over (DO NOT CLICK) the links and review the URL that appears at the bottom of the screen. If the links in the email and the URL do not match up, you are probably being re-routed to some other page.
- Threats and scare tactics embedded in some emails include legal action, time-sensitive calls to action, and so on. They’re designed to convince you to make a hasty decision to click a malicious link, reply with sensitive information, or open an unsafe attachment.
- Spoofing of a legitimate website or company, in an email or on a website. Everything in the source appears to be legitimate, but things such as suspicious URLs (pages with names not associated with the website or company) or outdated information can be tell-tale signs that something is not right.