- LinkedIn invitations. Emails containing an invitation to connect to someone on LinkedIn seem so utterly innocuous (and potentially good for your career), that clicking a life-like link becomes almost automatic. Cybercriminals have begun to take advantage of our collective trust and deeply ingrained habits in our social media spheres. Scary.
- Undelivered mail returned to sender. Nothing is worse than getting the notification that your time-sensitive email hasn’t been delivered. This scam uses this stressful situation to leverage the victim’s sense of urgency.
- Mobile. There’s a simple reason why mobile phishing scams are on the rise – smaller screens. Can you really distinguish a one-letter difference in a domain name, if the site looks virtually identical to the real thing?
Remember the good old days, when cybercriminals weren’t too bright? Back when scam emails were riddled with spelling and grammar mistakes, sent from addresses that were clearly not associated with real businesses. Remember being asked to click on clearly fake links with names like www.realbusiness.org? These were simpler times. Even if one or two members of your team got duped, it was relatively easy to fix and explain so they could effectively scope out the next one. Unfortunately, cybercriminals have been studying, and the commoditization of “phishing kits” allows even the dumbest ones to execute fairly sophisticated scams. Just as unfortunately, employees are notoriously bad at guarding against these scams – 59% of data security breaches were due to employee negligence last year. Yikes. Just for fun, let’s look at some scams that were particularly effective: