Beware of Phishing Scams this Holiday Season
It’s been a whirlwind year. Many of us are probably ready to bring 2020 to a close, and eager about the prospects of 2021. However, as the holiday season picks up and online shopping increases, so will cyber scams, which means we all need to keep our guard up.
Phishing attacks have been on the rise during the COVID-19 pandemic, with no signs of slowing down. According to Barracuda Networks, phishing scams spiked by over 600% from February to March. And the FBI recently released a statement warning people about phishing scams associated with COVID-19 charities.
Below are some of the different types of phishing attacks to look out for:
- Email phishing: This is the most basic form of phishing, in which hackers send emails that look like they are from trustworthy sources. For example, you might get an email that looks like it’s from your bank, letting you know that there is a problem with your account or asking you to validate something, and asking you to click on a link. If you click on that link, it will direct you to a landing page that asks you to enter some personal information, such as your first and last name, email address, phone number and password, which the hackers will then steal.
- Spear phishing: Spear phishing occurs when hackers target specific individuals. For example, if you’ve booked holiday travel recently, you might receive an email that looks like it’s from an airline. The email might thank you for booking an airline ticket and include a link to a landing page, where you will be asked to enter your username and password to view or adjust your travel plan. If you enter any personal information, the hackers will steal it.
- Whaling: Whaling refers to phishing schemes that target high-level executives or officials. It’s very easy for hackers to identify high-ranking executives, such as the president, CEO or financial officer, at a company on LinkedIn, and then target those folks with phishing attacks.
- Vishing: Vishing attacks are voice-based phishing attacks. For example, a hacker might call you and try to trick you into sharing your credentials. The recent high-profile Twitter hack actually started with a hacker calling a Twitter employee, convincing that person that he was a colleague, and tricking them into sharing user credentials. The hacker might have said that he was having trouble working from home and getting access to Twitter’s systems, and then convinced the employee to hand over credentials so he would be able to get in and get his work done.
- Smishing: Smishing attacks arrive via SMS or text messages. For example, you might get a text message that says your FedEx delivery is delayed and includes a link to a landing page that asks you to enter some personal information to track your package. If you enter any information, the hackers can then steal it.
Smishing attacks are the fastest-growing type of phishing attack because they are relatively easy for hackers to execute, and they tend to have very high success rates. According to Verizon’s 2020 Mobile Security Index, smishing attacks have increased from 2% to 13% in the past year. And unfortunately, I expect we’ll continue to see a rise in smishing attacks, especially as we move into the holiday season.
Smishing attacks are highly effective because people make spur-of-the-moment decisions on their mobile devices; people don’t dissect SMS or text messages as closely as they dissect emails or messages on traditional devices. That’s because the mobile user interface makes it difficult to access and view key information, while prompting users to make fast decisions. Plus, it’s very hard to verify the authenticity of links on mobile devices.
So, what can be done to avoid these scams? The good news is that MobileIron recently announced multi-vector mobile phishing protection for iOS and Android devices to holistically protect against these attacks. MobileIron Threat Defense (MTD) now offers on-device and cloud-based phishing URL database lookup to detect and remediate phishing attacks across all mobile threat vectors, including text and SMS messages, instant messages, social media and other modes of communication, beyond just corporate email.
This means that if you are targeted by a phishing attack and click on a malicious link, our software will stop you from getting to that site and doing something that’s potentially detrimental. This is critical because a successful phishing attack on your personal mobile device could result in your personal information being compromised or financial resources being depleted, as well as sensitive corporate data being leaked.