Security

Business pros beware: Phishing attacks are impersonating Netflix and Citibank

Phishing attacks via email have increased in the past couple months. Here are the latest tactics cybercriminals are using and how to protect yourself.

Email phishing attempts are not a new phenomenon, but cybercriminals are getting creative. The month of May alone saw over 10,000 unique phishing attempts, and June has already seen 2,000 attempted attacks, according to a report from cybersecurity company Barracuda on Monday.

The normal attacks vary between money scams, information scams, malware distribution, multiple file extensions, disguised links, and spear phishing, said the post.

SEE: Research: Defenses, response plans, and greatest concerns about cybersecurity in an IoT and mobile world (Tech Pro Research)

Spear phishing is one of the most popular modes of attack. Cybercriminals appeal to select audiences by impersonating major brand names, such as Netflix and Citibank, said the report. For example, spear phishers might impersonate Netflix to target Netflix lovers and gain their trust; however, if users look closely, the company name will be misspelled in the URL. Using a strategy called typosquatting, criminals will slightly alter the spelling of a brand name—"Netfliix" versus "Netflix" is one example— fooling the user into clicking a malicious link, explained the post.

Business professionals must stay vigilant. With each attachment and link you are sent, take caution. One click could compromise your whole company. While the scamming strategies are extremely clever, Barracuda provides quick tips to keep users secure:

1. Do not select attachments or links from unknown senders.

Even sources that look familiar to you could be impersonated by criminals. If legitimacy is at all questionable, go to the site separately in your browser instead of following the sent link.

2. Email attachments should be treated cautiously.

With the increase in malware, simply opening a file could send a virus to your computer. Double-check any attached files before proceeding.

3. Information scams sometimes ask for a login to access a document.

Never enter your credentials on to a page accessed via email, even if the email seems legitimate. Instead, go to the site separately in your browser to login.

4. Money scams are known for poor grammar and syntax, indicating the words may have been translated.

If the offer seems too good, it most likely is, said the post. Be wary of many misspellings in an email.

The big takeaways for tech leaders:

  • Email phishing attacks increased to over 10,000 alone in May, according to a Barracuda security report.
  • With information scams, money scams, and spear phishing used left and right, users should be wary of opening attachments or links sent in an email.

Also see

phishingimage.jpg
Image: iStockphoto/MicrovOne

About Macy Bayern

Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.

Editor's Picks

Free Newsletters, In your Inbox