Cybercrime’s Go To Scam Tactic


We’ve heard much about breaches lately. Hackers have been using various strategies to penetrate corporate networks and personal accounts. By far, the number one tactic used by the cyber-underworld is phishing. In other words, more scams start with a phish than any other method. But, do you know the different techniques?

Phishing Techniques

Email. Everyone is familiar with this tactic. Hackers send millions of scam emails each year. Clicking infected links starts the data-stealing process.

Vishing. Involves Voice phishing or phone fraud that entices targets to divulge sensitive data.

Smishing. Fraudulent text messages trick targets into revealing personal information or downloading malware.

Although they are different tactics, they do have one thing in common. They exploit human trust, making them very effective.

Email delivers over 90% of phishing attacks.

A Few Common Scam Subject Lines

Scammers are savvy, and they know human psychology. Hackers know that subject lines that emit curiosity will bag many hapless users. One to two-word subject lines work well:

  • Urgent
  • Notice
  • Request
  • From Admin
  • Important Info
  • IT Support
  • Payment
  • Email Alert
  • Attention
  • Document Attached
  • Zoom Meeting

Hackers also experiment. In particular, they use current calamities to lure their victims, such as:

  • Your COVID-19 Test Results
  • Help The Earthquake Victims of Haiti

Subject lines change. Most importantly, criminals use current events to get you to open their email. In short, keep an eye on major headlines! Subsequently, view unsolicited emails using headlines citing current events as suspicious.

What Hackers Are After

According to Proofpoint’s 2021 State of the Phish Report:

  • 60% of attacked organizations lost data
  • 52% had credentials compromised
  • 47% suffered ransomware infections
  • 18% lost money via Business Email Compromise

What Organizations Can Do Now

  • Connect your Security Awareness Training Program with your entire security platform.  They are not separate entities but parts of the same process.
  • Make your employees stakeholders. They need to buy into your security program for it to be effective.
  • Manage your security program. Remember, what gets measured, gets done. Managers need the data to fix issues, whether shortfalls involve training or systems. So follow the stats and make adjustments as needed.

XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.