The CEO Email Phishing Scam: What to Know & How to Avoid It

He just realized he wired $3 million to a con artist. The boss won't be happy. Photo Credit: BeenVerified

If you thought most email phishing scams were so obvious that only clueless victims could fall for them, recent headlines prove this wrong. A new breed of phishing scam targeting some of the world’s most well-known companies has cost these firms over $2 billion in more than 12,000 successful attacks, according to the Financial Times.



If you work from home or in any type of office, take note because email phishing scams are getting a lot smarter and more insidious. The days of fishy emails typed out in broken English and asking for wires to unfortunate Nigerian princes may be coming to an end.

Here’s the scoop on how the current CEO phishing scam works and how to avoid it:

  • A brief, casual email arrives from a top executive or even the CEO of the company, sent from the correct email address, with nothing appearing out of place.
  • The request is for the recipient to wire money to a certain account or share some other sensitive company information, such as employee payroll data.
  • The scam often works because it plays off of certain corporate cultures; fellow executives may be used to such informal and terse communications between one another, while a request from a CEO made to a more junior employee may not garner any questions out of a sense of obedience.

Employees at Xoom, Ubiquiti Networks, and Snapchat have all fallen prey to variants of this scam, according to the Financial Times and CNN Money. This shows that even those at the most tech-savvy companies are vulnerable to this new breed of phishing scam.

The main lesson here is to understand how a reduction in “friction,” i.e. how easy it is to communicate and move money between parties, can be a dangerous thing in a world of cyber-crime and hackers. We all appreciate instant messaging, one-click shopping and mobile payments, but these same tools can make it extremely easy for the bad guys to impersonate colleagues and family members, and to capitalize on one quick misjudgment.

So the next time you receive a sensitive email request from your boss at work, or simply receive an email or text from a loved one requesting money, pause to ensure that you are dealing with the genuine article. Pick up the phone, walk down the hall, or reply to the email and ask a follow-up question to help ensure you’re not the next victim of this costly scam.
