Posted By ECT News Network on 01/21/2019 in Security

That Personal Email May Not Be Personal at All: How to Spot Phishing Scams

By Mike Gross 

I nearly made a bad mistake a couple of weeks ago after I received an email from a top online retailer stating there was a "problem with my recent order." I had recently purchased several items and knew that any delay would jeopardize my holiday gift delivery.

I was just about to click the "Login" button and then stopped. Thankfully, I had the presence of mind to double-check the sender, and it wasn't my favorite shopping site after all -- just a really good fake email from a phishy sender.

I had almost fallen victim to one of the oldest and most common fraud scams in the books -- a phishing email. Phishing is the fraudulent practice of sending emails claiming to be from reputable companies. Fraudsters do this to get recipients to click a link and reveal personal information, like passwords and credit card numbers.

Sometimes they will even install malware on your mobile device or computer, directing you to a fake storefront to pilfer information like bank accounts, or create new fraudulent accounts using your identity information.

Constant Vigilance

First, I thought, "Wow, what a dumb mistake, especially given our focus at work." But phishing scams today have become more sophisticated and personal. We are all busy with life -- our work, family, commute and dinner plans, along with keeping up on the latest news cycle.

Virtually anyone could be inclined to quickly click on a link stating there is an issue with their recent order. The best phishing scams are those that appear to come from a trusted source and reference real information about you, one of your recent shopping orders, or your personal preferences. Sometimes, a scam can even take the form of an "update" on the delivery of your recent orders, and you might rush into clicking links to resolve the problem.

Attackers generally focus on major online retailers to enable the largest possible attack. Many consumers have established two-factor verification for accounts with top online retailers, but fraudsters can use this to their advantage if you're not vigilant.

For example, a scammer might send an email suggesting there is a problem with your recent order. When you click on a link in the email to check on the issue, you might see a pop-up indicating that you're using a different device than previously seen in the account.

Without thinking too much about it, you enter the one-time passcode you're given to confirm your identity. The attacker can use your credentials and passcode to successfully log in as you, purchase goods using on-file payment information, and have the goods shipped to an alternate address.

Another effective method for fraudsters is to leverage platforms that billions of consumers around the world use daily, like social media, which many people use to share photos and links with their friends and family. Fraudsters use malware or keyloggers to access social media accounts, masquerade as you, and amplify attacks by reaching out to all of your connections.

And since fraudsters can just as easily take advantage of the latest AI and machine learning advances, scams are more sophisticated than ever before. Today's attacks often use millions of servers worldwide to make attacks appear personal -- to look like messages from a friend, family member, or other connection.

They know your name, mention something personal that they found on one of your social media posts and ask you to do something -- like click on the latest viral video or picture. This can all be done automatically and be sent to millions of people at the touch of a button.

Defensive Actions

I know this all seems insurmountable, but there are things that businesses and consumers can do to identify if they've been a victim and to avoid becoming a victim of these types of schemes.

From a business perspective, the most effective approach is to assess users' historical behavior. Are you seeing a large number of customers trying to move similar amounts to recently linked accounts, or purchasing huge volumes of in-demand items? Perhaps the contact center is getting a lot of calls claiming fraud, which can be a sign of recent fraud attacks.

Businesses can closely monitor transactions, educate their employees and customers to not click on untrusted links, and make sure there is more than one person to sign off on any account changes or large money transfers.
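The behavioral check described above, sketched as an added example (not code from the article or from any vendor): it flags bursts in which several distinct customers send similar amounts to payees linked shortly before the transfer. The record fields, thresholds and sample transfers are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune against your own baseline.
RECENT_LINK = timedelta(days=3)   # payee linked at most 3 days before transfer
WINDOW = timedelta(hours=24)      # burst must fit inside this span
MIN_CUSTOMERS = 3                 # distinct customers needed to alert
BAND = 50                         # amounts in the same 50-unit band are "similar"

def _t(s):
    return datetime.fromisoformat(s)

def find_bursts(transfers):
    """Return [(band_start, [customers])] for suspicious bursts."""
    by_band = defaultdict(list)
    for tr in transfers:
        age = _t(tr["ts"]) - _t(tr["payee_linked"])
        if timedelta(0) <= age <= RECENT_LINK:   # ignore long-standing payees
            by_band[int(tr["amount"] // BAND) * BAND].append(tr)
    alerts = []
    for band, items in sorted(by_band.items()):
        items.sort(key=lambda tr: _t(tr["ts"]))
        start, best = 0, set()
        for end in range(len(items)):            # sliding time window
            while _t(items[end]["ts"]) - _t(items[start]["ts"]) > WINDOW:
                start += 1
            seen = {tr["customer"] for tr in items[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= MIN_CUSTOMERS:
            alerts.append((band, sorted(best)))
    return alerts

# Constructed sample: c1-c3 form a burst; c4 pays an old payee; c5 is an
# isolated amount; c6 matches the band but falls outside the window.
SAMPLE = [
    {"customer": "c1", "amount": 980.0, "ts": "2019-01-10T09:00:00", "payee_linked": "2019-01-09T22:00:00"},
    {"customer": "c2", "amount": 975.0, "ts": "2019-01-10T11:30:00", "payee_linked": "2019-01-10T08:00:00"},
    {"customer": "c3", "amount": 990.0, "ts": "2019-01-10T15:00:00", "payee_linked": "2019-01-08T15:00:00"},
    {"customer": "c4", "amount": 960.0, "ts": "2019-01-10T12:00:00", "payee_linked": "2017-05-01T00:00:00"},
    {"customer": "c5", "amount": 120.0, "ts": "2019-01-10T13:00:00", "payee_linked": "2019-01-10T10:00:00"},
    {"customer": "c6", "amount": 955.0, "ts": "2019-01-14T09:00:00", "payee_linked": "2019-01-13T09:00:00"},
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

Fixed bands split amounts that straddle a boundary (for example 949 and 951), so a production rule would compare amounts by relative distance instead.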

For consumers, the number one thing you can do is to immediately contact the organization or financial institution where you were victimized. I know this takes time out of an already busy day, but it provides the best chance of recouping any lost funds.

The other thing you can do is to immediately notify your social contacts about the scam if you've fallen victim. That way, others can protect themselves and help limit the damage and spread of any phishing incident.

My experience with an "almost" phishing scam is that no one is immune. But the more everyone is aware of the potential consequences and how they can protect themselves, the less likely phishing attempts are to succeed.

About the Author
Mike Gross is Head of Global Fraud & ID Product Innovation at Experian.
