What is a phishing scam?
Phishing scams are an increasingly popular method criminals use to steal your sensitive information, either via emails or phone calls. These scams use social engineering to trick you and your employees into providing sensitive and private information, such as banking information, login credentials and even access to your computer. The concept is the same as actual fishing: a piece of bait is presented to the prey, in this case you or your employees, in hopes that you'll bite by taking the action the attacker wants. This could be clicking on a link, downloading software, or even just providing a little information that might be used in a more targeted phishing attack later on. Often these emails and phone calls are made to appear as if they come from legitimate contacts and businesses like Google, Microsoft, the IRS, your bank, or even people you know.
Types of Phishing Scams
Spear Phishing: Attacks that target specific individuals, often using personal information that was previously stolen or that is available via public records or social media.
Whaling: An attack that targets a high-level executive or official who has greater access within their organization, giving the attackers greater access to the organization's confidential information if the attack succeeds. You can read more about a recent example of Whaling here, in which Russian hackers targeted senior lawyers and management at large law firms, intent on stealing information that could be used for insider trading.
Clone Phishing: Attacks where legitimate emails from companies like banks (Chase, Bank of America, etc.), delivery companies (UPS or FedEx), or tech companies (Google, Microsoft or Facebook) are cloned to make them appear identical to a real email from one of these businesses.