Here at eSign Genie, safety and security are our top priority. We take the business of keeping your important and sensitive documents secure seriously, which is why we have implemented stringent security protocols and safeguards such as dynamic encryption and SOC 2 Type 2 auditing and compliance.
But what about keeping your data safe outside of using eSign Genie? Unfortunately, hacking attempts are on the rise. According to Forbes, “The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals.” According to reports, out of the reported hacking attempts, an astonishing 80% are phishing scams and there are over 2,145,013 phishing websites reported as of January of 2021.
Maintaining awareness and vigilance with keeping data and documents safe from hacking attempts is crucial. The world of digital security is constantly evolving to keep up with a steady stream of new cybersecurity attacks, but it’s also vital that individuals and companies are in the know to prevent data theft and exploitation.
Essentially, phishing is when cyber attackers will use assorted tricks and methods to trick their victims into providing or revealing confidential information such as data, documents, passwords, and payment information.
A variety of different phishing techniques are used by hackers, many of them psychological. Attempts involving offering things for free, making threats or issuing urgent demands, pretending to need help, and other similar actions are very common in phishing scams.
There are several different types of phishing techniques commonly used by cyber attackers:
This type of phishing targets senior business executives in an attempt to access high-level data and information.
Email phishing is generally seen as the most common form of phishing. In this form, hackers will create emails impersonating a company widely used by individuals and attempt to steal information by feigning urgency and sometimes implementing malicious links. These emails will often be sent en masse to unsuspecting individuals whose information has been compiled on large lists, often through the dark web.
Spear phishing often occurs in business due to its attempt to target specific employees through contacting its employees directly. In these attempts, the hacker will pretend to know the employee and request valuable company information or provide a malicious link to steal information once clicked.
Clone phishing is the act of replicating a legitimate email and sending it to the recipient shortly after they receive the real email. In this case, hackers will often pretend a second email was sent due to some issue with the first email and then request sensitive information or provide malicious links.
Vishing, or voice phishing, is conducted by phone. In vishing attacks, cyber hackers will pretend to be an institution of authority, such as the police or the IRS, or will sometimes act as a debt collection agency in an attempt to obtain social security numbers and payment information.
Pharming involves targeting domain name system (DNS) servers during internet browsing and redirecting unsuspecting individuals to fake websites or IP addresses where data can be stolen.
Search Engine Phishing:
Unfortunately, search engine phishing happens by the hackers registering and indexing their websites with search engines and then seeking to woo shoppers with amazing sales before then stealing their payment and banking information.
Smishing attacks are conducted through text messages and often involve pretending to be a certain legitimate business asking for payment information or providing malicious links disguised as sales or coupons.
This type of phishing occurs when hackers gain access to a CEO’s or executive’s email and then sends out emails from that account to company employees with the intent of obtaining access to bank accounts or initiating wire transfers through the use of false invoices or malicious links.
Evil Twin Phishing:
Evil twin phishing is conducted through false WIFI networks that once connected can lure unsuspecting individuals to false websites in an attempt to steal information.
Social Media Phishing:
By creating fake social media accounts, hackers can steal data and information from other users through the use of malicious links or by impersonating someone or a company that the user may trust and provide information to more easily.
Tips to Avoid Becoming a Phishing Victim
While cybersecurity threats are all around us, there are certain steps that employees and individuals can take to prevent becoming a victim of a phishing attack.
Take These Actions
- Always use strong and unique passwords for every website
- Keep your antivirus software up-to-date
- Use password security features like 2FA
- Be on the lookout for overly-demanding emails or those that seek to instill fear as their primary objective
- Check the sending email; often the email being used to send a phishing message will not match the company the hackers are pretending to be with
- Hover over any emailed links before clicking to see what location they may be taking you to before clicking
Remember These Tips
- The IRS and law enforcement organizations will never email or call asking for payment information.
- If an offer seems too good to be true, tread carefully before considering clicking any links or providing payment information.
- Phishing emails often incorporate poor grammar and spelling. Poorly written emails are most likely not coming from a legitimate institution.
- If you receive an unexpected email requesting you to open an attachment, do not open it until you have verified the source and legitimacy of the email.
Security is our top priority at eSign Genie. Visit our Security Center to learn more about how we keep your documents secure.
Ask These Questions Before Proceeding
- Does the email begin by addressing you individually, or is it more generic? If it’s generically addressed, it could be part of a broader phishing attempt.
- Do you recognize the individual or business sending you the email?
- Are you being asked to provide sensitive information directly through the email to the sender?
- Did you expect this email to be sent to you?
- Where did the email come from; does the address used look legitimate?
- Does the email just not “feel right?”
- Is the email threatening you with serious repercussions if you don’t comply with what the sender is asking?
Not only does eSign Genie work 24/7 behind the scenes to protect your data, but we also offer important security features like two-factor authorization (2FA) to help our users thwart cybersecurity issues like phishing scams. Speak to an eSign Genie expert today to find out more.