Dearest Lovely Friend,
My name is Mr. Nweni Adeyemi. I apologize if this message comes as a surprise, but please permit me of my desire to know you a bit better.
I am the son of the late Al-badari Adeyemi of Nigeria, whom was murdered during the attack on Solemani. Before his death, my late father deposited with me the sum of 4,000,000$$ U.S. dollars for safekeeping. I am here seeking for you a manner to transfer these funds for your benefit as a trustworthy and honest person for investment. In exchange for this incredible gift I will please offer you the sum of 20 percent or 800,000$$ for your assistance.
Reply to my alternative email firstname.lastname@example.org.
Who could turn down such a deal, right?
Although the “Nigerian prince” email is one of the most widely-known (and imitated) cyber threats, it’s by no means the only one out there. And even this seemingly obvious scam is used to defraud Americans out of an estimated $700,000 per year, which often means that more sophisticated attacks are even more lucrative for hackers.
This April Fools Day, learn about some common phishing and ransomware scams that can take even the most dubious and internet-savvy people by surprise.
Spear phishers seek personal information through emails, text messages, and other legitimate-sounding communications. But unlike many spam attacks that send harmful links to thousands or even millions of email accounts in an attempt to nab a few victims, spear phishing is far more individualized and targeted. This can make it much more effective than mass spam attacks.
The ultimate goal of a spear phisher is to get their target to click on a link and input sensitive personal and financial information. To do this, they look for publicly-available information about the target, like a recent business acquisition or trade show, and then send an urgent-sounding request related to this event while pretending to be a vendor, coworker, or supervisor.
For example, a spear phishing email may spoof a vendor and inform the target that their recent order won’t ship unless they click on a link. Once the victim navigates to this page and inputs their financial details or other sensitive information, the spear phisher has everything they need to begin a theft campaign.
As the name implies, ransomware attacks solicit a ransom from the victim in exchange for access to their computer and data. Ransomware often begins with a malicious link or plugin that allows outside access to your computer.
Once the hacker is inside your computer, you lose control of your operating system until and unless you pay a ransom—and with the average amount recovered in a ransomware attack recently exceeding $84,000, getting your data back can be an incredibly expensive prospect.
Email Account Takeover
Another common cyber-attack involves the total takeover of an email account within your organization. Once spammers gain access to a legitimate email account, they’re able to spoof emails to anyone in the account’s contact list, create rules that reroute replies to a hidden subfolder, and carry on correspondence (and attempts at extortion) to your trusted clients, vendors, customers, and business partners.
Email account takeover can cost you money and compromise public trust in your organization—and worst of all, you may not even know you’re the victim of an email account takeover unless someone who has received one of these spoof emails contacts you to express concern.
If you’d like to boost your organization’s defenses against cybercrime this April Fools Day, contact our experts to set up your free 30-minute cybersecurity phone consultation.