Phishing is a type of cyber attack in which the attacker hopes that an unsuspecting individual will willingly offer personal and sensitive data through a form of communication that appears reputable but isn’t. Commonly, the goal is identity theft or financial gain, and the most-used method is email.
How common is phishing?
Cyber attacks are becoming increasingly advanced. Just as individuals are becoming more aware of common phishing methods and what to look out for, cybercriminals are evolving their techniques. Forbes found that phishing attacks have increased since early 2020, due to a combination of the pandemic, more widespread remote working, and a heavier reliance on online shopping.
Attempts are only becoming more prevalent. In the past year, phishing attacks rose by 61% while cryptocurrency-related attempts increased by 257% year over year.
What are some phishing examples?
- Email phishing
The most common format, email phishing will try to convince you that your account was locked or suspended or that you’re eligible for a refund. With this type of urgent messaging, you’ll be prompted to open a link and/or enter sensitive data, which can compromise your identity and expose your device to malware.
- Spear phishing
Spear phishing is a highly calculated technique that takes advantage of all of the information an individual may put out about themselves online. Armed with information like one’s geographic location, occupation, or hobbies, a phisher can make a fraudulent message all the more convincing.
A form of spear phishing, whaling targets an organization’s high-ranking executives. This phishing attempt can come off as tailored and persuasive, whether it’s in the form of a business offer, complaint, or urgent issue that needs resolving.
Thanks to public social media accounts and the amount of accessible information that exists on the web, a cybercriminal can jump in when it’s clear one’s in need of help from an organization’s customer service. Conducting this through email or social media, a phisher will impersonate a customer service representative to draw out personal information.
Smishing comes in the form of a text message instead of an email. Leveraging a sense of urgency, this fraudulent text may impersonate a bank or other institution, carrying a link designed to steal information or open the gates for viruses or spyware.
How can I prevent my email from being considered phishing?
When you’re employed by an organization, their IT team has likely put email authentication in place. Email authentication is a standard for identity verification so your emails won’t be labeled as spam or a phishing attempt. Without this, one could change their email address and copy branding to impersonate a legitimate sender.
How do I protect myself from phishing attempts?
1. Report suspicious emails. If you’ve received what you think to be a phishing attempt in your work inbox, consider reporting it to your employer’s security team. Many email providers will also have an option to “report phishing” or mark a message as spam. Additionally, most organizations will have email addresses you can direct deceptive emails to. After reporting the email, always delete it.
2. Look out for spelling or grammar mistakes in email addresses or the email copy itself, and for too-good-to-be-true offers, like claims that you’ve won a prize or contest.
3. Think twice before clicking links and giving personal information. Typically, genuine organizations won’t ask you to respond to email communications with sensitive data. If you have doubts, double-check the organization’s policies before going forward.
4. Protect your devices with anti-spam, anti-spyware, and anti-virus software.
5. Take security training. An organization typically requires this of its employees, either annually or biannually. By giving it the attention it needs, you’ll learn about valuable topics like preventing the loss of personal data, email and physical security, and safe browsing, among others.