|Paul Everton - Phoenix Business Journal - 16-11-29
Click here for original article Back to Articles
Traditional phishing scams, like the now-infamous "Nigerian prince" scam, are so widely known that few today would fall victim to them.
Time hasn't stood still for scammers, though, and their techniques have become increasingly sophisticated.
Bolstered by the power of myriad digital tools such as spymail -- emails containing hidden tracking code that captures information about when, where and on what device you read the message, and even when and where you forward it -- phishers can gain unprecedented insight into your organization.
Spymails aren't just read by their victims -- they take readings of their own. By prodding your firm and employees with seemingly innocuous spymail, scammers can gather highly-sensitive information that enables them to eventually launch a highly-customized attack that can fool even your most cautious employees.
In the past, phishers attempting to create a convincing scam often had to resort to tactics such as "dumpster diving" to learn about an organization's structure, employees, and communications. Today, social media, spymail, public records and other sources of information make the reconnaissance much easier. As a result, more scammers are sending more-convincing phishing emails more often.
Consider this common scheme: Phishers present a payable invoice or funds transfer request to an accounting department, making it appear as if the email was sent from one of the organization's vendors or partners. This scam succeeds with alarming regularity, such as in the case of Leoni Ag, which lost $44 million.
While there are standard tools to prevent email spoofing, many firms are behind in adopting them, and their implementation is publicly recorded. This means that even if your firm is secure, a scammer could easily identify a client with lax email security and impersonate them.
A critical part of preventing successful phishing attacks is to deny phishers the information they need to trick your employees. Adopting an anti-spymail tool, for example, cuts off one important source of private information about your organization. Phishers will always continue to refine their underhanded craft, but spymail detection and prevention can help send them back to the days of Nigerian prince schemes.
Tags: Nigerian Prince, spymail,phishers,dumpster diving,funds transfer request,invoice
Back to Articles