Recently, one of the cybersecurity trade publications published a cartoon showing a storefront with a sign in the window that said “Closed. Gone Phishing”. It had a drawing of a fishing rod and reel under the copy, and to those in the IT security business, it was quite amusing – a take-off on a bygone era when people actually took the afternoon off in order to go fishing. But to people who become victims of cybercriminals that spend their days sending out phishing emails, it’s not amusing at all.
To the uninitiated, phishing is an email scam where the cybercrook sends out large volumes of emails that are designed to steal personal and financial information from the person receiving it. It’s important to note that the cybercrooks always send out large numbers of those emails because they play a numbers game: certainly, not everyone will fall for the scam, but even if only a small percentage respond or click on an embedded link, the cybercrook will get exactly what he wanted: enough information to steal someone’s identity.
Phishing is Getting More Sophisticated
Recent figures from the FBI show just how fast phishing emails are growing. In 2022, there were more than 241,320 phishing attacks, which was almost twice the number in 2019. And phishing emails are the fastest-growing cybercrime around. Think about this: almost 3 out of 4 companies and organizations were the victim of some type of phishing attack. And when it comes to data breaches, 43% of them were attributable to phishing attacks. That’s according to Verizon’s Data Breach Investigations Report.
So what are cybercriminals using to get their phishing emails delivered to your inbox? The bulk of them are using PDF files and Microsoft Office files. Plus, the cybercriminals are doing their homework – they’re getting more and more sophisticated in their phishing emails. Many get information from people-search sites to target their victims, because including some information about the victim in the email makes it look credible. And according to a recent article published by OneRep, cybercrooks are using more authentic email addresses in their phishing scams, which makes them more believable to the recipient.
Most often, phishing emails use an alarming subject line, such as “Final Notice Before Your Account is Closed,” or “Password Reset Confirmed”. These types of subject lines push the recipient to take some kind of immediate action, such as entering their login information or passwords. Sadly, many do – especially seniors. But at the same time, these should be immediate giveaways to those who are watching for them, because most companies would never send an email asking you to divulge any type of personal or login information. Never!
The cybercriminals go to all of this trouble for one reason: they want you to click on a link they’ve sent you, or respond on a very authentic-looking website or landing page. Unfortunately, those are spoofed, and once you click, the cybercrooks will send malware to your computer that can steal all of the information you have on your hard drive. Worse yet, many cybercriminals are resorting to ransomware, where they lock your computer and will only release it if you’re willing to pay a ransom. This is a widespread problem with companies that you see in the news – but it also happens to individual computer users.
Watch Out – or Get Hooked!
If you know what to look for, you won’t get hooked by a phishing scam. We’ve mentioned the alarming subject lines that cybercrooks like to use, but there are many other telltale signs that an email is nothing more than a part of a major phishing scam. It may start with an incredible offer, like an investment return of 22%, or a way to “double your money in only 30 days”. Anytime you see offers like this, it’s a phishing email, and the next step is to put it in your spam folder.
Another telltale sign is typographical errors and misspellings. Most of the phishing emails come from other countries or are perpetrated by cybercrooks who don’t have English as their primary language. No credible company would send out an email that has typos or grammatical errors, so if you see one – put it into the spam folder. The links to websites that the cybercrooks place in emails will take you to an authentic-looking page, but never use a website you arrived at through an email link. Instead, type the URL of the company into the browser. That way you’ll be assured that you’re on a “real” website, not a spoofed one.
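The two checks described above (an alarming subject line, and a link that lands somewhere other than the company it names) can be automated when triaging a reported message. The following Python sketch is an added example, not part of the original article; the phrase list comes from the subject lines quoted earlier, the last-two-labels domain comparison is a simplifying assumption, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"final notice|account is closed|password reset", re.I)
# Host-like token in the visible link text, e.g. "www.example-bank.com".
HOSTLIKE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base(host):  # crude registrable-domain guess: last two labels (assumption)
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    findings = ["urgent-subject"] if URGENT.search(msg["Subject"] or "") else []
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        real = urlparse(href).hostname or ""
        shown = HOSTLIKE.search(text)
        # Flag links whose visible text names one domain but point to another.
        if shown and base(shown.group(1)) != base(real):
            findings.append(f"link-mismatch:{shown.group(1)}->{real}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank" <support@example-bank.test>
Subject: Final Notice Before Your Account is Closed
Content-Type: text/html; charset="utf-8"

<p>Verify now: <a href="http://login.example.invalid/verify">www.example-bank.com</a></p>
"""
```

Calling `triage(SAMPLE)` returns both indicators; a message with a neutral subject and links that match their visible text returns an empty list.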
Avoiding Phishing Attacks
Because the cybercrooks get your personal information to use in their emails from people-search sites, you need to remove all of your personal information that those sites hold without your authorization. This could end up being very time-consuming, but be assured that the time spent to accomplish this is well worth the effort.
Another way to avoid becoming a victim of a phishing scam is to be aware of what types of scams are going around. The FTC publishes a listing of the latest phishing attacks, and having this information on hand will help you avoid clicking on an email you shouldn’t. Another way to avoid scams is to update your computer’s operating system whenever an update is made available to you, as it always has the latest security fixes that will prevent hacking and will recognize malware if an attempt to install it is made.
Following the information and suggestions listed above will help you avoid becoming a cybercrook’s next phishing victim, and let you enjoy all the communication tools available to you on your computer.