Targeting Employees: Cyberthieves Up the Stakes With Sophisticated New Phishing Scams

Learn about new sophisticated phishing scams that could be targeting your employees. Learn more via fresh insights.

 
If you receive email — and who doesn’t? — then you have most certainly been the target of a phishing scam.
 
Phishing is the name given to email scams in which cyberthieves send out thousands of fraudulent emails that claim to come from legitimate companies or financial institutions. Their goal is to trick recipients into clicking on links or opening attachments that take them to fake websites where they are encouraged to share sensitive personal information.
 

 

 

Targeting Employees

Now, cyberthieves are upping the phishing stakes by shifting their attention to employees. These scams try to get employees to expose sensitive corporate information (like bank account login credentials and wire transfer passwords) or download dangerous viruses and malware onto corporate computers and networks.
 
According to Cadence Bank Senior Vice President and Information Security Director Laura Buckley, CISSP, CISA, CRISC, phishing has infiltrated the corporate world in the form of fake emails supposedly from a company’s CFO that request an urgent wire transfer from employees. “We are now hearing about this on a more frequent basis,” says Buckley. “This makes it critical that corporations instruct employees to always validate internal wire transfer requests just like they do external wire requests.”
 
Cyberthieves are also using phishing schemes to infect corporate computers and IT systems with malware. When installed on corporate computers, this malware can capture employees’ online banking credentials, which cyberthieves can then use to wipe out corporate bank accounts. Malware can also be used to steal sensitive information for the purposes of corporate espionage and insider trading. And by downloading malware onto merchants’ POS systems, cyberthieves can steal unencrypted credit and debit card information.
 

 

 

More Sophisticated Scams

Buckley says that phishing emails are becoming more and more sophisticated and harder to detect. For example, spear phishing is a more targeted form of phishing in which cyberthieves send tailored emails to potential victims who they know have a relationship with the brand that’s being hijacked. This often enables them to get past victims’ initial suspicions and convince them to click on bogus links or download viruses disguised as legitimate attachments.
 
Given the increasing sophistication of phishing scams and the incredible damage they can cause to corporations, it’s critical that corporations train employees on how to spot phishing emails and what to do when they receive them. “There are usually telltale signs that make it fairly easy to spot phishing emails if employees know what to look for,” says Buckley. These include the following:
 

 

 

Generic Greetings — Phishing emails usually include a generic, non-personalized greeting, such as “Dear (Company) Member,” if they have any greeting at all. If you are actually a customer of a business or institution, they will know your real name and personalize the email to you.
 

 

 

A False Sense of Urgency — Cyberthieves often try to convey an urgent tone in phishing emails and dire consequences if you ignore their warning. An email from a legitimate business or institution probably won’t include such a tone and will ask you to contact them separately from the email itself, such as by phone or by logging into their website independently of the email.

 

 

 

Suspicious Links & URLs — If you look closely at the links in phishing emails you’ll see that cyberthieves have used deception to try to make them look legitimate. For example, they hide the real web address at the end of a long URL. You can check URLs without actually clicking on them by hovering your mouse over the link — the full URL will then be displayed.
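The hover check described under Suspicious Links & URLs can also be automated by a security team reviewing reported messages. The following is an added example, not part of the original article or any Cadence Bank tooling; the domain `example-bank.test`, the sample message and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; example-bank.test stands in for the real brand.
SAMPLE_EMAIL = """
<p>Dear Member, your account will be suspended today.</p>
<a href="https://www.example-bank.test/help">Help center</a>
<a href="http://example-bank.test.account-verify.invalid/login">https://www.example-bank.test/login</a>
<a href="http://203.0.113.7/redirect?to=example-bank.test/secure">Review your account</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted_domain):
    """Return (href, reason) for links that mention trusted_domain but leave it."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, relative links etc. are out of scope here
        if host == trusted_domain or host.endswith("." + trusted_domain):
            continue  # the link really does go to the trusted domain
        if trusted_domain in text.lower():
            findings.append((href, f"text shows {trusted_domain}, link opens {host}"))
        elif trusted_domain in href.lower():
            findings.append((href, f"{trusted_domain} is buried in the URL, host is {host}"))
    return findings

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL, "example-bank.test"):
        print(f"SUSPICIOUS: {reason}\n  {href}")
```

The check compares the host the link actually opens against the domain the message claims to be from, which is what hovering over the link reveals by eye.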
 
Buckley says that businesses and employees should forward any suspicious emails that might be phishing emails to the legitimate organization that is being impersonated. “This includes Cadence Bank if you or your employees receive a phishing email supposedly from us but that clearly isn’t,” she says. Phishing emails should be forwarded to reportphishing@cadencebank.com.
 
In addition, Cadence Bank is working closely with Phishlabs to fight back against cyberthieves. Whenever a phishing attack is detected, Phishlabs works to shut down the phishing site and report the cybercriminals behind it.
 
Cadence Bank takes cybersecurity very seriously, so we have created a comprehensive Fraud Information Center with tools and information to help you in your cybersecurity initiatives.  

This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.

