Phishing and Smishing

Cyber Criminals

As cliché as it may sound, the rate and frequency of cyberattacks on both businesses and individuals have increased markedly, particularly during the COVID-19 epidemic. Work-from-home policies brought work computers outside the walled gardens of workplace intranets, giving hackers additional vulnerabilities through which to access proprietary data and hardware.

One of the most potent tools in a hacker’s arsenal is also one of the lowest-tech: social engineering, the psychological manipulation of an individual with access to data or systems into giving up that access, often without being fully aware of what’s happening. Phishing is a tactic commonly used by hackers, in which a message (such as an email, text message, or IM) is sent purporting to be from a reputable source, such as one’s boss or a government agency, often visually mimicking that source’s genuine emails or messages. The message implores the reader to do something, such as clicking a link, downloading a file, or logging into a platform, so that the sender can gain access.

Phishers will often phrase the email/message with a sense of urgency, trying to push the reader into immediate and uncritical action. Cybercriminals may use “typosquatting” techniques, in which misspelled variants of the names of well-known companies or organizations appear in the sender’s email address or in URLs embedded in the message, where they are likely to be overlooked in a brief glance. Phishers will also often use generic email addresses of the kind available to individuals, which are not associated with the web domains of actual businesses. Moreover, phishing emails are typically (though not always) characterized by awkward or improper grammar, which can be the result of schemes that are developed by scammers living abroad. Finally, requests for payment using methods that are more difficult to trace, such as wire transfers, money orders (such as Western Union), gift cards, and cryptocurrencies (including Bitcoin and Ethereum) are additionally correlated
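The warning signs listed above can be checked mechanically. The following Python sketch is an added example, not code from the original article: it flags sender and link domains that sit within a small edit distance of a known domain (typosquatting), along with urgency wording and hard-to-trace payment requests. The allowlist, the urgency phrases, and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of domains the reader really deals with (constructed for this example).
KNOWN_DOMAINS = ("amazon.com", "chase.com", "irs.gov")
# Constructed phrase lists; the payment terms mirror the methods named in the article.
URGENCY = re.compile(r"\b(urgent|immediately|right away|act now|expires today)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|money order|western union|gift cards?|"
                     r"bitcoin|ethereum|cryptocurrenc(?:y|ies))\b", re.I)

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap of adjacent letters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(host):
    """Return the known domain that host imitates, or None if it is genuine or unrelated."""
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        limit = 2 if len(known) >= 8 else 1  # short names get a tighter threshold
        if edit_distance(domain, known) <= limit:
            return known
    return None

def indicators(sender, body):
    """List the warning signs described in the article that appear in one message."""
    hosts = [sender.rsplit("@", 1)[-1]]
    hosts += [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", body)]
    found = [f"lookalike:{h}->{lookalike_of(h)}" for h in hosts if lookalike_of(h)]
    if URGENCY.search(body):
        found.append("urgency")
    if PAYMENT.search(body):
        found.append("hard-to-trace payment")
    return found

# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "billing@amazno.com"
SAMPLE_BODY = "URGENT: your rebate expires today. Pay the fee with gift cards: https://arnazon.com/rebate"

if __name__ == "__main__":
    print(indicators(SAMPLE_SENDER, SAMPLE_BODY))
```

A message from a genuine domain with no urgency or payment wording returns an empty list. A hit is a reason to verify the message through a separate channel, not proof of fraud.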

With the continued growth in the popularity of text messaging over the past few decades, phishing over SMS, or “smishing”, has grown alongside it. Unlike phishing emails, which often allow for larger attachments, smishing messages will typically include a URL to an external site at the end of the message. According to Textedly, some of the more common smishing themes and ploys are: winning a contest that you probably never entered (probably the oldest trick in the book), the IRS trying to contact you, information regarding a bank account (scammers will often use the names of popular banks, such as Chase and M&T Bank), or information regarding a purportedly recent online transaction (such as a rebate for a recent Amazon purchase).

When it comes to many of these confidence tricks, one of the most important things to remember is that if a message seems suspicious, assume that the message is illegitimate. If you receive an urgent message from what appears to be your boss or one of your coworkers, but you’re not sure if the message is really from them, you can try asking them directly, either in person or in a separate email/message to confirm. Also, if your organization has an IT department, they will likely be able to assist you with any questions you may have regarding the validity of messages you’ve received and how to detect fraudulent messages within your organization.

If your business is seeking a comprehensive solution to IT concerns, New York Technology Solutions is here to serve as a trusted guide and assistant for a myriad of key technology services, including IT Management, Cybersecurity, and Managed Backup. NYTP can also assist your business with hardware and software sales with extensive experience in IT Management plans starting as low as $7.99 a month. For more information, visit our website at, or call us at (585) 300-4720.
