August 06, 2019

The Latest Phishing and Social Engineering Scams to Watch Out For

In today’s work environments, employee’s inboxes are often bombarded with scam emails. Emails that might look like regular messages from their bosses or colleagues are in fact malicious attempts to lure employees into exposing confidential information to hackers. Findings from our 2019 Data Protection Report confirm that employees are primary targets for these types of phishing scams. As a result, IT departments and organizations are tasked with staying up to speed on these latest scams. To help, Shred-it has identified some common phishing email scams to watch out for and what to do if you or a colleague receive one.  

How to identity a Phishing email scam:

How do you know if an email is a scam? When you receive a suspicious looking email requesting information, always ask yourself:
  1. Is the information requested legitimate?
  2. Is there a sense of urgency?
  3. Does the email look professional?
  4. Are there typos or inconsistent email addresses?
It’s very unlikely that your workplace or financial institution will ask you to disclose personal information related to company finances or personal passwords over email, so it’s important to keep this in mind if you come across this situation.

While some fraudulent emails look professional, others may contain spelling errors and use language that is not professional. Some phishing emails may address you as “Dear valued customer or Dear valued employee.” It is important to be aware of these common phishing tactics, so you don’t become a victim.

Types of Fraudulent Emails:

There are many types of fraudulent emails that employees need to be on the lookout for. Here are a few types of common phishing emails:
  1. “Pretender.” This is an email where scammers will send emails with fake and urgent invoices asking individuals to provide immediate payment through visa or other payment methods.
  2. “Hit-and-run” scam. This is where employees are tricked into paying hackers for things they don’t actually owe, such as unpaid taxes or fines. These emails appear as regular emails, however trick people into clicking on a link or pop-up message.
  3. “Urgent CEO Request.” Another popular type of email scam is one that looks like it is from a high-level executive requesting the immediate transfer of funds or confidential files. When in fact, this transfer is actually set up to send to the hacker.

How to Avoid Phishing Emails:

Now that you are aware of some of the common types of email scams, you might be wondering what to do about them.
  1. It is important to always be cautious. Phishing scams can look like regular emails. If you have any doubts about an email, make sure to contact your IT or human resource department to ensure that the email sent is in fact legitimate.
  2. Never send confidential work passwords or financial information over email. And make sure that your computer is protected. It is important to have anti-spam and anti-virus software installed in order to eliminate the number of external attacks on your computer. If you have any concerns, you should talk to your IT department. 
To learn more about how to avoid being a victim of identity theft, please visit the Shred-it resource centre.