Looking out for phishing scams is now a day-to-day experience for anyone who uses the internet. How cyber-criminals are finding ways to trick consumers into divulging sensitive information (e.g. bank or credit card account numbers or passwords) isn’t much of a mystery. They send their victims an email, an online popup, or call and claim that they represent a business and need you to update or confirm or validate private account info. If they are very aggressive, they may even threaten “legal consequences” if you don’t divulge your info. Phishing allows criminals to dig into your personal information by simply using phony email messages and fake websites to steal. This is the kind of garbage that leads to identity theft. If you let them.
The best ways to avoid phishing scams are by ignoring any email or pop-up message that asks for personal or financial information, and never clicking on any suspicious email links. You should only use secure websites for sensitive personal data and never provide account information to callers. With a little careful studying and focus, you will learn that legit companies do not procure info in the same manner as these cyber-criminals.
Since the start of 2017, security experts have observed a perfect example of these phishing criminals. They are known as FIN7 and they have been spreading malware by using LNK files embedded in Word documents via the standard Object Linking and Embedding (OLE) technology. They spread this malware by using the group’s own custom backdoor. All it takes is one user to fall victim for it to spread throughout. FIN7’s constant evolving means that security professionals must balance between broad detection approaches that can generate false positives, and more detailed signatures that can cost more.
Phishing scams can ultimately lead to identity theft, so it’s crucial that you take preventative measures. Review your bank and credit card statements regularly and thoroughly. Contact your financial institution immediately and block any accounts or cards that may have been compromised. If you think you have received a phishing email or suspicious phone call from someone saying they represented a certain business, contact the business and report the situation. Phishing scams are an action that visionaries behind the internet never dreamed of. We know of them now, and we must always stay aware.
