You may think you can spot an email phishing attack from a mile away–letters from Nigerian princes, long lost relatives, or a rich philanthropist who chose you to give his money to (just send along your bank account information, s’il vous plait). While you probably have a dozen of those notorious examples in your spam folder right now, spotting them does not make you immune to the email phishing schemes that open the door for wire fraud.
As phishing’s sophistication has increased dramatically, so have the number of people who fall for it. Account compromise is often the first step in a successful wire fraud scheme, and with our online identities and services interconnected it is not only business accounts that are vulnerable to exploit. Three out of four companies reported being victims of phishing attacks in 2016, and new schemes are popping up all the time. Here are 9 recent phishing schemes that you may not have heard about:
9) World Cup Fans Targeted With Malware
Sports fan? Hackers see you as a target. Ask the millions of folks interested in soccer who attended the 2018 World Cup in Russia. Scammers pretending to be from FIFA emailed soccer fans with downloadable “result trackers,” which really contained malware that could target their computer with adware, toolbars or even keylogger software that can record your every keystroke, including the login and password to all your accounts.
8) Hackers Impersonating Police Sending False Speeding Tickets
Pulled over on the information superhighway? Hackers around the country are impersonating local police departments to phish locals, emailing folks and telling them they’ve been caught speeding and including a link or phone number where they can pay their fine. While some just steal your money, others prompt you to create an account and steal your login credentials.
7) Phony Emails from Apple Seeking to Steal Your Login and Password
There’s many subtle variations to this scam – one saying your Apple ID has been used for a purchase, another asking you to verify your billing info, and others such as phony support claims or virus alerts – but they all have the same goal: to get you to enter your Apple ID and password to steal your personal information. If your password gets compromised cyber criminals are able to mine your iCloud backups for even more personal information. Turning on Two Factor Authentication is one way to help prevent your chances of being affected by this email phishing technique.
6) Fake Vacation Rental Home Listings Steal Consumer’s Money
You pay what you think is a rental fee for a lovely vacation home, but when you arrive, you’re out of luck. Fraudsters are using legitimate vacation rental home sites and duplicating the same listings on other pages with their own contact information. Some cyber criminals are making up fake listings altogether. By setting up fake landing pages, consumers are tricked into providing their personal details which results in a successful “phish” by the fraudsters–hundreds of dollars of money stolen, and sad vacationers out in the cold.
5) Hackers Send You a Real Password, Claim to Have Video of You Watching Porn
A recent scam is using people’s hacked passwords to convince them they’ve been caught watching porn. An email arrives with a legitimate password you’ve used and claims to have video evidence of you watching porn – evidence that will be emailed to all your contacts unless a ransom is paid ASAP. Security experts have dubbed scams like these “sextortion.”
4) Children’s Hospital Data Hijacked, Including Medical Records
Stealing the medical records of thousands of children began with a simple phishing email – asking employees to login to what looked like a trusted site. After they entered their credentials, thieves used them to break into the hospital’s system, gaining access to patient names and information, medical record numbers, dates of hospital stays and procedures, diagnoses and conditions.
3) Phishers Steal Tax Refunds in Upgraded IRS Scams
It might sound like welcome news to hear that someone did your taxes for you, but not when you find out it’s a cyber thief who stole your refund too. Another scam targets folks with emails saying they owe back taxes and fines, and just when it started to become common knowledge that the IRS won’t send you an email or call you, thieves got smarter – they spoof the IRS’ Taxpayer Assistance Center’s number and ask you to go to a fake IRS.gov to verify the communication is real.
2) Facebook and Google Lose $100 Million to Phishing Scams
You might think the employees of tech-giants Facebook and Google would be too smart to fall for a simple phish, but you’d be wrong. A scammer forged email addresses, invoices, and corporate stamps to impersonate a manufacturer both companies did business with. The thief stole $100 million from each company, while each thought they were paying for computer supplies, and it took them a whopping two years to figure it out.
1) Amazon Prime Day Phishing Schemes
While most people were worried about their Prime Day packages being nicked from their front porch, they weren’t considering another thief in their inbox. Knowing that thousands of people bought from retail-giant Amazon for it’s summer black Friday, scammers sent out emails asking customers to review their purchase, even tempting them with the promise of a gift card. And the link provided, just like Amazon, prompts you to login, giving your credentials to a thief who now has all your financial information and your order history.
After reading through these 9 new phishing schemes, you might be second guessing a few emails you’ve opened lately or even feeling like you can’t trust anyone. After all, even if you manage to avoid falling victim to one of them, can you know for sure that the person you’re communicating with has not? If you are unable verify the identity on the other end of those wiring instructions, you are vulnerable to wire fraud. We created CertifID – Wire Fraud Protection to fill that void.