Spring is definitely in the air, and summer is right around the corner. While the actual fishing season is just getting started, a scammers’ phishing season is 365 days a year. This is the perfect month to look at how cybercriminals lure us onto their phishing hooks for evil financial gain. Here, we highlight some of the latest types of social engineering attacks scammers are using to trick users into handing over valuable information.
Clone phishing is similar to how Dolly the sheep was created — minus the sheep and scientific genius. It involves cybercriminals creating a (more or less) exact replica (clone) of a web page or an official email. Often, these cloned phishing schemes are difficult to spot by even the most vigilant person.
Bank transfer phishing, also known as wire transfer phishing, is a manipulation where the cybercriminal sends an invoice requesting a transfer for services or goods you never purchased. Always check the account information and verify all transactions with the actual issuing company or organization before transferring money.
CEO fraud occurs when cybercriminals pretend to be the big fish — the boss. Scammers use manipulation tactics, such as a sense of urgency, to trick employees into transferring money or providing sensitive information. It can happen over the phone, text or email, often using various deceptions to make it very believable.
What to Do if You’re the Victim of a Social Engineering Attack
- Report any phishing scams immediately to your supervisor and your IT security team.
- Do not attempt to fix it yourself. Time is of the essence — the longer it takes for IT to identify the security breach, the harder it becomes to recover anything.
- Follow the IT security team’s directions exactly. Remember, anyone can fall for a well-designed social engineering attack.
Phish Test Your Employees
GLS SecurePhish™ is an online tool used to perform simulated phish testing throughout your organization in order to educate employees and protect against social engineering attacks. SecurePhish simulated phish testing allows you to control every aspect of your phishing awareness program, with preconfigured and customizable phishing tests and online courses. Keep your employees at the highest level of security awareness through continuous training and testing from GLS.