Phishing attempts are on the rise, and there is one message, in particular, you should be on the lookout for.
Be on the lookout for any email directing you to https://suquim.com…/.
Phishing attempts are nothing new. Each new wave follows the same basic pattern and uses emails that follow the same basic structure. The content varies from scam to scam, but the tactics and intent remain thoroughly predictable. That being said, a new scam has just been brought to our attention, so we’re sharing the specifics with you so that you and your team can avoid falling victim to it.
These scams work best when they lean on scare tactics to push recipients into doing what the scammer needs. This scam is no different: it presents itself as a message warning of “suspicious activity” detected on an email address registered to your business. The message includes a button or link to “Security Settings,” which leads to a page that asks you to sign in using your password. The site looks pretty legit, but it’s anything but.
This fake site is a good example of what to look for when you suspect something fishy is going on. The site looks perfect at first glance with no obvious spelling or grammatical errors or weird graphics. However, if you check the domain name in the example below, you’ll see that it’s a little off. Last I checked, Microsoft doesn’t operate off of “suquim.com,” but nice try. If one of these messages turns up in your inbox, delete it.
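The domain check described above can also be run automatically over a reported message. The following is an added example, not part of the original article; the list of expected sign-in domains and the sample message body are assumptions constructed for illustration (only the suquim.com domain comes from the article).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sign-in domains your organisation actually uses; adjust as needed.
EXPECTED_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com"}

def host_of(url):
    """Return the lowercase hostname a browser would connect to, or ''."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def classify(url, expected=EXPECTED_DOMAINS):
    """'expected', 'lookalike' (brand name in the URL, wrong host) or 'unexpected'.
    A host matches only as the domain itself or a true subdomain, never a substring."""
    host = host_of(url)
    if host and any(host == d or host.endswith("." + d) for d in expected):
        return "expected"
    brands = {d.split(".")[0] for d in expected}
    if any(b in url.lower() for b in brands):
        return "lookalike"
    return "unexpected"

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, classify(href)) for text, href in collector.links]

# Constructed sample body: a plain wrong domain, a deceptive subdomain, a real host.
SAMPLE = ('<a href="https://suquim.com/">Security Settings</a> '
          '<a href="https://login.microsoftonline.com.suquim.com/">Sign in</a> '
          '<a href="https://account.microsoft.com/security">Account</a>')
```

Anything not classified as `expected` on a message that asks for a password deserves a second look before anyone clicks.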
Since there is no rest for the wicked, this isn’t the only cyber threat we’ve been hearing about in recent days. Another popular scammer activity is seeing an uptick, this one focused on trying to get unsuspecting employees to wire crooks a little cash. Fooling targets into completing a wire transfer for a supposed higher-up is also nothing new. Most of the time in these cases the scammer will mask their email address by pretending to be a C-level or management-level employee asking a lower-level employee to handle a wire transfer for them ASAP.
Once again leaning on scare tactics to create a false sense of urgency, most employees who open these messages will jump into action. The thought of screwing up a business deal or upsetting an important client because they insisted on asking too many questions is enough to make most people act without a second thought. Just like that, a sometimes huge chunk of cash is gone, taking up residence in some criminal’s bank account.
This particular scam is slightly less of a concern for smaller businesses. Not because they’re less likely to be targeted, but because having fewer employees makes it more likely that whoever gets this email will feel comfortable with the idea of popping into the boss’ office or giving them a quick call to verify the request. The more staff your business has, and the more compartmentalized your departments are, the higher the odds that this scam succeeds.
However, unlike a lot of other phishing attacks, the wire transfer scam has a surprisingly easy solution – make it mandatory that any wire transfer requests be made verbally. If getting an email asking you to make a transfer is completely out of the ordinary and against policy, your employees are significantly more likely to double-check the request before they release a single penny to the provided account number.
The fact that phishing attacks continue to happen on the regular, with new variations on the same old trick popping up over and over and over again, points to a bigger problem than the scams themselves. Cyber criminals keep doing the same old thing because we keep right on falling for the exact same tactics without ever seeming to learn from the experience. That’s what makes ongoing cyber security training so important.
Waiting for another major cyber attack to start making the rounds is not the time to start looking at training your staff. Making cyber security education routine for your entire team – management included – is the most effective way to stop a phishing attempt. Knowing what these tactics look like makes avoiding them pretty straightforward. However, if the last time you had this conversation with an employee was when they got hired, chances are that very important information has long since been forgotten.
Of course, cyber security training should focus on more than just phishing emails. There is more than one way for a hacker or scammer to steal information or funds from your business, or slip past your defenses to leave a nasty, data-thieving or data-corrupting surprise inside your network. Make cyber security everyone’s job instead of leaving it up to your IT personnel, and you’ll be surprised at how much of a difference it can make.
Want to learn more about the steps you can take to protect your business against cyber threats? Contact BIOS Technologies at firstname.lastname@example.org or (504) 849-0570. We’re the IT security professionals businesses in New Orleans trust.