Phishing attacks have been around for years, but today’s cybercriminals are adept at using them in an ever-increasing variety of ways to get what they want. According to the most recent FBI figures, phishing and its variants were the third most commonly reported cybercrime type in 2017, representing nearly $30m in victim losses.
The bad guys want your personal information to commit ID theft, or else they need you to click on a malicious link or open a malware-laden attachment so they can hijack your bank account, lock your PC with ransomware, bombard your screen with ads and more. So how do you fight back?
The answer lies in a combination of technology and user awareness. Filtering tools can stop a great volume of phishing attempts, but a few will always sneak through, and it only takes one misplaced click to land yourself in trouble. That’s why the front line in the war on phishing messages ultimately lies with improved user awareness.
Don’t get caught out
So, what should users look out for? Phishing messages come in a variety of flavors, but here’s a typical email scam purporting to come from the IRS:
Tell-tale signs of a scam:
- From field: is the ‘sender’s’ email address familiar? Does it look made up? Is it consistent with the purported sender of the email? Does the underlying address differ from the displayed name when you hover over it with your cursor? Any of these could indicate a phishing attempt.
- To field: if the sender addresses you generically as ‘user,’ ‘customer’ or ‘recipients,’ that should be a warning sign.
- Date and time: Was it sent at an unusual time; that is, not during normal ‘business’ hours?
- Subject line: Phishing emails often try to create a sense of urgency to hurry you into making a rash decision. Words like “urgent,” “immediate” and “important” are not uncommon.
- Body: The content of the message often contains spelling and grammatical mistakes and continues with the sense of urgency to get you to click without thinking.
- Link/attachment: phishing emails will try to trick you into clicking on one of these, as with ‘Update Now,’ either to start a covert malware download or to take you to a legitimate-looking phishing site where you fill in your details.
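To make the checks above concrete, here is an added example (not from the original article) that runs them as heuristics over a raw message using only Python’s standard library: sender display name versus real address, Reply-To steering, generic recipient, urgency words in the subject, link text whose host differs from the link target, and executable attachments with document-like names. The sample messages, word lists, extension set and indicator names are constructed for illustration, and the ‘IRS’ domains are example names, not real ones.

```python
import os
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed word lists and extension set for this example; a real filter would tune these.
URGENCY_RE = re.compile(r"\b(urgent|immediate(?:ly)?|important|final notice|suspended)\b", re.I)
GENERIC_TO_RE = re.compile(r"\b(user|customer|recipients|undisclosed-recipients)\b", re.I)
URL_LIKE_RE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".jar", ".bat", ".cmd"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL or bare domain, with a leading 'www.' dropped."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _address(msg, field):
    """(display name, addr-spec) of the first mailbox in a header, or ('', '')."""
    hdr = msg.get(field)
    if hdr is None:
        return "", ""
    addrs = getattr(hdr, "addresses", ())
    return (addrs[0].display_name, addrs[0].addr_spec) if addrs else parseaddr(str(hdr))


def phishing_indicators(raw):
    """Return a list of (indicator, detail) pairs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = _address(msg, "From")
    # From field: display name that is itself an address at a different domain.
    claimed = re.search(r"@([\w.-]+)", name)
    if claimed and claimed.group(1).lower() != _domain(addr):
        findings.append(("from-display-mismatch", f"{name!r} vs {addr}"))
    # Reply-To steering replies away from the apparent sender's domain.
    _, reply = _address(msg, "Reply-To")
    if reply and _domain(reply) != _domain(addr):
        findings.append(("reply-to-mismatch", reply))
    # To field: generic or undisclosed recipient instead of a named person.
    to_header = str(msg.get("To", ""))
    if not to_header or GENERIC_TO_RE.search(to_header):
        findings.append(("generic-recipient", to_header))
    # Subject line: pressure words meant to hurry the reader.
    hits = URGENCY_RE.findall(str(msg.get("Subject", "")))
    if hits:
        findings.append(("urgency", ", ".join(sorted({h.lower() for h in hits}))))
    # Body links: visible text shows one host, href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if URL_LIKE_RE.match(text) and _host(text) != _host(href):
                findings.append(("link-text-mismatch", f"{text} -> {href}"))
    # Attachments: executable content hiding behind a document-like name.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            findings.append(("risky-attachment", filename))
    return findings


# Constructed sample mimicking the IRS-themed lure described above (example domains only).
SAMPLE_PHISH = """\
From: "refunds@irs.example" <refund-desk@irs-tax-update.example>
Reply-To: collect@mailbox-free.example
To: "Valued Customer" <user@example.net>
Subject: URGENT: your tax refund requires immediate action
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your refund is on hold. Confirm your details at
<a href="http://irs-tax-update.example/login">http://www.irs.example/refund</a>
or <a href="http://irs-tax-update.example/login">Update Now</a>.</p></body></html>
--b1
Content-Type: application/octet-stream; name="Refund_Form.pdf.exe"
Content-Disposition: attachment; filename="Refund_Form.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed benign message: the same checks should stay quiet on it.
SAMPLE_LEGIT = """\
From: "Alice Example" <alice@example.com>
To: "Bob Example" <bob@example.net>
Subject: Lunch tomorrow?
Content-Type: text/html; charset="utf-8"

<html><body><p>Menu is at <a href="https://example.com/menu">https://example.com/menu</a>.</p></body></html>
"""

if __name__ == "__main__":
    for indicator, detail in phishing_indicators(SAMPLE_PHISH):
        print(f"{indicator:22} {detail}")
    print("benign message findings:", phishing_indicators(SAMPLE_LEGIT))
```

These heuristics are a triage aid, not a verdict: a lure that uses one consistent look-alike domain everywhere, a plain-text body, and a personalised greeting trips none of them, so in practice they are combined with SPF/DKIM/DMARC results, URL reputation and attachment sandboxing.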
How do I stay safe?
- Learn to recognize all the tell-tale signs of a phishing message. Avoid clicking on any links or opening attachments from unsolicited emails.
- If you need to double-check, contact the company that supposedly ‘sent’ you the email to see whether it’s genuine, or go directly to the website (e.g., online banking) to log in. Again, do not use the links provided to get there.
- Your default attitude when you’re online should be “suspicious.”
- To learn more about phishing, you can also go to org. The site provides a wealth of further information on the types of phishing you may encounter, what you can do to avoid being taken in, and further resources for study.
We’re all exposed to phishing attacks on a near-daily basis, whether at work, out and about, or at home. But armed with an understanding of what to look out for and the right tools in place, you can keep your data under lock and key, and your identity and finances safe from harm.