January 29, 2018
Cyber criminals have gone phishing.
The total number of phishing attacks in 2016 was 1,220,523, a 65% increase over the previous year, according to the 4th Quarter Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG).
Phishing is posing as a legitimate company, person or institution in an email or text message to trick someone into giving financial and/or other personal information. Cyber criminals also use fake online advertising to direct victims to fake websites where username, password or financial information is required.
According to Verizon’s 2016 Data Breach Investigations Report, 30% of phishing emails get opened.
‘Recognized’ sender: In the workplace, successful phishing attacks are often disguised as something an employee is expecting such as an HR document, a shipping confirmation, or an IT department request to change a password. The email may also look like it came from a work colleague or even the CEO. Always confirm these types of emails, and verify requests.
Attachment or a link: Many scams work by tricking the victim into clicking on a link or attachment, which then either infects the computer with malware that can steal information directly or takes the victim to a fake page that requests private information. A recent CSOonline.com post said that 93% of all phishing emails now contain ransomware. Never click on a link or open an attachment that wasn’t asked for or expected.
Personal information request: Consider any email or instant message request for confidential information to be a possible hoax. Legitimate companies do not ask for confidential information like passwords and credit card numbers this way. Don't respond to links in unsolicited messages, and never give sensitive information to anyone on the phone, in person, or through email without checking the organization is legit.
Wrong address: Scam emails often have misspelled URLs or the wrong domain (.com not .gov). Hover the cursor over the URL to see the actual hyperlink. If the address is different from what’s displayed, it’s likely a phishing attempt.
Spelling and grammar mistakes: If an email has these kinds of mistakes, it’s a scam. Businesses do not send messages without checking spelling and grammar.
Generic salutation: An email that arrives addressed to ‘customer’ or ‘member’ may be a scam. Most organizations use proper names. Contact the organization.
Important alert: A 2017 KnowBe4 survey sent 6.6 million bogus messages to more than 2 million people to see which phishing attempts were most successful. The top subject line lure was ‘Security Alert’ – 21% of the people clicked on links inside the message. Other successful lures were ‘Revised Vacation and Sick Time Policy’, ‘UPS Delivery’, ‘Breaking News’, ‘Updated Healthcare Info’, and ‘Change of Password Required Immediately’. Ignore these alerts.
Threats: Phishing scams prey on people’s emotions. If an email arrives that threatens in some way and requires urgent action, it’s likely a scam. Confirm with the organization before doing anything.
Amazing offer: Listen to your gut. If an offer seems too good to be true, it probably is. Don't open the email or click on links.