As we slowly wrap up 2018 and prepare the canvass for 2019, we tend to reminisce on the year that we had. It’s also best to look back at our mistakes and learn from them. This same principle goes well with cybersecurity. Looking back, 2018 was a busy year for online security experts. So in the spirit of self-improvement, let’s check out the five worst phishing attacks of 2018 and see where companies can tweak their online security game.
Phishing Emails Disguised as GDPR Emails
Free World Cup Tickets Phishing Scam
The collective passion of all soccer fans urged hackers into making a quick buck. Phishing emails promising free World Cup tickets started circulating in June. The phishing scam got viral real fast that the Federal Trade Commission had to send an advisory to the public. "The offer may seem promising, but the truth is, scammers are simply phishing for your personal information. Never open files or click on links sent by strangers. And never pay a fee to claim a prize," the FTC wrote in their statement.
Cloud-Based Fake Document Phishing
Cloud technology definitely had a great year in 2018. Various apps and services started harnessing the power of the cloud and unfortunately, so did hackers. For example, various hackers tried luring victims with fake documents stored in Google Drive, Dropbox, and other cloud-sharing platforms. Instead of the intended file, the documents contain various hacking agents ranging from keylogger to malware scripts. Never ever click on these cloud documents especially if it came from an unknown source.
Fake News Phishing Scams on Social Media
This list won’t be complete without mentioning the rise of phishing attacks in all social media platforms. Aside from connecting people online, social media also made phishing a lot easier. Hackers often use fake news and alarming headlines on Facebook, Twitter, Snapchat, and other platforms to entice victims into clicking malicious links. And unlike emails, it’s harder to quickly verify on social media if the person you’re talking to is actually a real person and not a hacker’s creation.
Sextortion Email Phishing Scam
Now this one’s just awful. Using the various data breaches that happened in 2018, hackers lure victims into giving their credentials by claiming they have footage of the victims doing something illegal or embarrassing, like watching adult content. Some hackers even use the victims’ redacted phone numbers to make their emails more legit. They then try and blackmail their victims into sending them money. Unfortunately, the hackers made over $500,000 using this dirty trick alone.
As terrible as this list is, it only proves that companies should definitely do more in protecting their assets and their customers from phishing attacks. Luckily, getting better cybersecurity isn’t that hard to do. GlobalSign can help improve your company’s online security efforts. Check out our official website for more details.