It didn’t take long for fake donation requests in support of Ukraine to flood popular social media sites, email lists, and fraudulent websites after the Russian Federation invaded Ukraine in late February 2022. Fake donation requests almost always ask for cryptocurrency donations (Bitcoin, Litecoin, Ethereum, etc.) and are designed to resemble legitimate sources (the Ukrainian government, the UN, etc.). Such phishing attempts are countless, crafty, and pose a significant risk to anyone using a computer connected to the Internet.
What is a phishing scam?
In phishing scams, or phishing attacks, an attacker uses social engineering to entice someone into clicking a link or divulging sensitive information with the intent of deploying malware or executing fraudulent activity. Phishing is most commonly committed via email (email phishing), but it also arrives through text messages (smishing), telephone messages (vishing), and calendars (calendar phishing). It is critical to be able to spot phishing attempts, as well as other scams, to prevent both financial and data loss. Through various forms of phishing, scammers obtain funds fraudulently and gain access to a victim’s computer network, which can have far-reaching and devastating ramifications.
Signs of phishing and other scams that you should watch out for:
- Look for grammar or spelling mistakes or language syntax that sounds “off”. The fact that a word is changed slightly to appear legitimate is typically a clue that something is wrong.
- Read messages closely to look for email addresses that appear legitimate at a quick glance but are actually not real, such as [email protected] or [email protected] (one letter is incorrect in each case).
- Any email that imposes a sense of urgency should be carefully reviewed to be sure that the language isn’t simply meant to lead a user into giving up information. A truly urgent situation can usually be confirmed with a phone call.
- Feeling like you are being forced into giving up credentials or financial details should be a reason to take a step back, clarify the request, and confirm it is from a reputable, legitimate source.
- If someone with an “official”-looking name or source solicits sensitive information by email, verify that this is a legitimate request.
- Several years back, a coordinated hack of Twitter accounts owned by well-known public figures sent out tweets asking for Bitcoin and succeeded in pulling in thousands of dollars before the scam was shut down.
- Be aware of any requests or promises that sound just too good to be true – they probably are.
How can you protect your business and network from phishing or other attacks?
- Install all available software updates – for your operating system, line of business applications, and anti-virus/anti-malware software.
- Software publishers release new updates for both new features and in response to security threats. Take these updates seriously to ensure your systems have current protection installed.
- If you have doubts about the sender of a text message or email, don’t click the link. It’s that simple.
- Phishing attempts often require the end-user to do something – such as click a link – to give the access needed for an attack to begin. Your best defense is to hover the cursor over each link to see the actual URL it goes to, and to make sure the link is not redirecting to a misspelled or wildly different site.
- Pay attention to any alerts or warning messages generated by your browser or anti-virus/anti-malware software.
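The two manual checks described above (a sender or link domain that is one letter off, and a link whose visible text does not match where it really goes) can also be automated. The following is an added example, not part of the original article; the `TRUSTED` list, the function names, and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com", "example.org"}  # assumption: domains you actually deal with
DOMAIN_RE = re.compile(r"^(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)(?:[/:?#]\S*)?$", re.I)

def edit_distance(a, b):  # Levenshtein distance: single-character edits from a to b
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates (1-2 edits away), else None."""
    domain = domain.rsplit("@", 1)[-1].lower()  # accepts a sender address or a host
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the genuine domain or one of its subdomains
    return next((t for t in sorted(TRUSTED) if edit_distance(domain, t) <= 2), None)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):  # returns (kind, href, detail) findings for an HTML message body
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        host, shown = re.sub(r"^www\.", "", urlsplit(href).hostname or ""), DOMAIN_RE.match(text)
        if host and shown and shown.group(1).lower() != host:
            findings.append(("text-mismatch", href, text))  # what "hovering" would reveal
        if (imitated := lookalike_of(host)):
            findings.append(("lookalike", href, imitated))
    return findings

SAMPLE = '<a href="https://examp1e.org/give">https://example.org/give</a>'  # constructed
```

The two-edit threshold is a judgment call: it catches single swapped or doubled letters but can misfire on very short domain names, so treat a finding as a prompt to verify rather than a verdict.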
There are companies out there that can help to identify phishing and other scam sites; however, there is always a lag between the time scammers publish a site and its identification. Although there are many protections available from different companies, the ultimate way to avoid becoming a victim of phishing is to follow your “gut instinct”. If a request for something like money or personal information does not sound like a typical message from someone you know, make a phone call to confirm that the request is legitimate. Taking the simple action to verify a request could save you or your company from going through a frustrating process to try to recover stolen funds or customer data.
About the Author:
Craig Beringer – Sr. Vice President & Founder, Beringer Technology Group
After twelve years serving as VP of Operations of a large electronic components distributor, Craig founded BTG in 1993 with the simple philosophy that “great work leads to more work”. This philosophy has propelled the company from a single-person operation providing ERP consulting to one of the region’s top IT Services providers. Craig provides company vision and works with the leadership team to ensure execution and customer satisfaction.