There are many online scams that are designed to separate individuals from their money or personal information, the most prominent one is known as a phishing scam. Per techtarget.com, phishing is defined as, “A form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.” Phishing scams can be used to gain bank account details, passwords to personal accounts such as email and social media, and sensitive company information. As a result, personal data can be compromised and sold on the black market to individuals seeking to make purchases with stolen bank details, or impersonate someone else online. In the case of a corporate breach, employee or company data may be misused. Often, phishing scams will take the form of someone acting as a bank official or someone of merit.
One example involves an email scam that impersonates a representative from the Federal Trade Commission (FTC). According to an article posted on the FTC blog, the following is an example of a fraudulent email:
“This notification has been automatically sent to you because we have received a consumer complaint, claiming that your company is violating the CCPA (Consumer Credit Protection Act).
According to our policy, we have initiated a formal investigation before taking legal action. You can download the document containing the complaint and the plaintiff contact information, from…”
This email is meant to be intimidating, and according to the article, bears the official FTC seal and a seemingly official email address. This is a security threat that relies on recognition and reputation, because if individuals are receiving emails such as these that bear familiar logos and brand markings, they are more apt to feel comfortable sharing information. In addition to a sense of familiarity, emails such as these also invoke a sense of fear, because individuals are told that they are being investigated due to breaking the law. In a state of fear, rational thought may be clouded and individuals could more likely to click on a link contained in the email. The FTC article states that the links within the email likely contain malware which can ruin a computer if they are clicked on. Maintaining awareness and staying vigilant while online helps to combat such scenarios.
This sort of interaction establishes a sense of trust between the scammer and the victim. Phishing attackers will often send emails using official logos, or contact victims in a capacity that appears legitimate. Once the scams are done, victims are forced to go through an arduous process to restore their finances, credit, or identity.
In the workplace, phishing attacks may be used to gain certain information in order to manipulate or negatively impact a company. Attackers may masquerade as fellow employees in order to gain trust and infiltrate company databases. Data breaches highlight the need for companies to have effective security measures in order to prevent the compromising of sensitive data.