Did you know that each year, about 83% of all organizations experience a phishing attack? If you or an employee of yours has fallen victim to this type of digital scam, you are not alone.
A few years ago, scams were largely these flashy, gaudy pop-ups that shout, “You won a trip to Hawaii! All you have to do is download these very large files and give us your social security number.” These were easy to identify and avoid.
Nowadays, not so much. Even intelligent, responsible people can fall victim to advanced and convincing scams. If you’re vigilant, you can avoid even the most convincing scams. Companies of all sizes need to educate themselves and their teams on how to keep their data safe.
Let’s talk about common 2024 phishing scams, how to identify them, and what to do if one lands in your inbox.
First, Why Do You Need to Put in the Effort of Avoiding Scams?
Well, the obvious answer is that you want to protect your money, data, and digital safety. That’s a no-brainer. Let’s take it a couple of steps further and explain why you need to put money and training behind your scam prevention.
Here are some sobering stats that should convince you:
- An estimated 3.4 billion phishing emails are sent daily.
- There was a 345% increase in unique phishing sites between 2020 and 2021.
- Direct financial loss in 2022 increased by 76% from successful phishing attacks.
- Approximately 90% of cyberattacks are estimated to begin with a phishing attack.
The most important fact to remember? You’re only as protected as the weakest link with access to your data. The more people who have access to your passwords, emails, and important platforms, the more critical it is to train your team to recognize phishing scams.
Common Phishing Scams in 2024
Social Inbox “Notice of Page Termination” Messages
If you’ve been checking your business DM account, you’ve probably seen one of these (potentially 15 times per day). They manifest as a long-winded DM, trying to convince you that your social activities “go against Facebook advertising guidelines.” Another variant claims that your page will be terminated or permanently removed if you don’t review or fix the information. These messages include a suspicious-looking link, usually come from a name like “Facebook User” or “Facebook Rep,” and carry a signature that looks like the following:
Best regards,
Facebook support group
© Noreply Facebook. Meta Platforms, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025
The hope is that you’ll take the threat seriously, click the link, and offer valuable information or create a backdoor to your sensitive data.
What to Do If You’re Targeted by a Facebook DM Scam
If you find one of these in your DMs, ignore it! Facebook is not about to permanently delete your page. You can simply ignore this DM, mark it as fraud, and delete it if multiple scam attempts are bogging down your DMs.
If you or someone with access to your social media clicks the link, contact Facebook support and immediately change your social media passwords.
Payroll Scams
Scammers may use phishing emails to trick employees or payroll personnel into disclosing sensitive information like login credentials or bank account details.
These emails can be highly customized, posing as a legitimate source and including the names of other employees. They usually carry an urgent message like “there’s an issue with your payroll information that needs immediate attention,” followed by a request for login information and sensitive data, or an encrypted file and/or link to click.
If an employee receives this email from a “reputable source” and believes a payroll issue needs immediate fixing, they may not think twice about attempting to resolve it.
For example, here is one that we recently received:
“Hi [Boss],
I need your assistance in changing my direct deposit information. I have my new account information with me, can I send it over to you to make the changes for me?
Best Regards,
[Employee Name]”
This fairly convincing email aims to have the company update the banking info for this specific employee so that the scammer receives their paycheck. Because the details in the email are accurate, you may not catch it as suspicious. But if you look closer, you’ll see the signs.
What To Do If You’re Targeted by a Payroll Scam
Receive an email about payroll? Ask yourself the following questions:
- Do I recognize the actual email address? (Many phishing scams use a similar address with one character off, or a completely unrelated address)
- Does this person usually reach out to me about this?
- Does this deviate from the normal payroll process?
If you’re still unsure whether the email is legitimate, reach out to the “sender” through a different channel (Slack, text, a call, or a completely separate email thread to their known address) and ask whether they sent it.
If you or someone with access to your data has followed the directions in the email, reach out to your payroll team and immediately change your passwords. You may need to take further action with your bank to stop any financial transactions.
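The first question above, whether the actual address is one you recognize, can be checked mechanically. The following is an added example, not code from the original post: it compares the real sending domain in a From: header against a constructed list of trusted domains (the domain `example-adventures.com` is hypothetical) and flags one-character-off spellings, look-alike character swaps, a trusted domain used as a subdomain, and a trusted address placed in the display name.

```python
import re

# Constructed for this example (hypothetical): domains your organisation mails from.
TRUSTED_DOMAINS = {"example-adventures.com"}
# Look-alike character swaps commonly used to imitate a real domain.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]
# A From: header is either "Display Name <addr>" or a bare addr.
ANGLE_ADDR = re.compile(r"<([^<>]+)>\s*$")


def split_from_header(from_header: str):
    """Return (display_name, actual_address). Mail clients show the first;
    the second is what really sent the message."""
    m = ANGLE_ADDR.search(from_header)
    if m:
        return from_header[: m.start()].strip().strip('"'), m.group(1).strip()
    return "", from_header.strip()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify the real sending domain: 'trusted', 'display_name_spoof',
    'lookalike' or 'unrelated'."""
    display, addr = split_from_header(from_header)
    _local, sep, domain = addr.rpartition("@")
    domain = domain.lower()
    if not sep or not domain:
        return "unrelated"
    if domain in trusted:
        return "trusted"
    # Display name carries a trusted address while the real sender is elsewhere.
    if any("@" + t in display.lower() for t in trusted):
        return "display_name_spoof"
    normalized = domain
    for fake, real in HOMOGLYPHS:
        normalized = normalized.replace(fake, real)
    for t in trusted:
        if (edit_distance(domain, t) == 1        # one character off
                or normalized == t               # homoglyph swap
                or domain.startswith(t + ".")):  # trusted name used as a subdomain
            return "lookalike"
    return "unrelated"
```

Any verdict other than `trusted` is a cue to verify through a separate channel before acting on the request.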
Security Hacks
About every two weeks, many of the apps and plugins we use release an updated version for new functionality or “minor bug fixes.” Those minor bug fixes can include patches for security vulnerabilities that scammers have exploited or could exploit. If you don’t regularly update your apps, you may be running a version with vulnerabilities that scammers can exploit.
The same updating habits are crucial for PHP. Like any software, PHP is regularly updated to address security vulnerabilities and improve performance. If you don’t update your PHP version, hackers have a much easier time executing arbitrary code, bypassing security controls, or launching attacks.
What To Do If You’re Targeted by a Security Hack
The easiest way to avoid security hacks is to regularly update your plugins and PHP software, which ensures you always run the most current and secure versions. Invest in malware scanning software and work with a cybersecurity company to further reduce your exposure and strengthen your data protection.
Highly Customized Phishing Scams
Similar to payroll scams, highly customized phishing emails pose as someone you know and may include internal context that could trick people who aren’t paying attention.
This could come in the form of an email like:
Hey [your name], it’s [Boss]
I’m emailing from my phone. I’m in a bind and [need access to a file] [need you to open this file] [need you to send this password].
Can you take care of that ASAP?
[Boss]
It’s out of character but not quite 100% suspicious. Most employees trained to look out for these types of scams will ignore them, but employees who haven’t dealt with this before could easily follow the instructions too far before they start to catch on.
What To Do If You’re Targeted by an Email Scam
Similar to the payroll phishing scam, you need to ask yourself questions about the email’s validity. If you aren’t sure about the nature of the email, reach out to the “sender” via a separate line of communication.
If you or an employee realizes a little late that an email request is a scam, you may need to invest in anti-malware software, update passwords, or contact an IT company, depending on the specifics of the fraud.