Top 6 Tips To Avoid Email Phishing Scams
Phishing attacks cost companies $5 billion globally last year. According to the Wombat 2016 State of the Phish report, 85% of all organizations suffered phishing attacks last year, with no signs of slowing. So how can you avoid getting netted in 2017? I have your top 6 tips to stay safe, but first, a little more on phishing.
Do people actually open phishing emails? I am asked this question at least once a day and unfortunately, the answer is always YES. According to Verizon’s 2016 DBIR Report, 30% of all phishing emails are opened by their targets. That’s a really respectable rate that rivals legitimate mailing lists! So we know that phishing attacks work exceptionally well. Why do they work so well?
Commercial Phishing Operations
Forget about the idea of a lone fisherman baiting the hook and waiting for a nibble. Phishing operations work much more like large scale fishing operations on the ocean. Huge nets are cast out and hauled hundreds of miles to catch thousands of fish, crabs, debris, etc. In the case of phishing attacks, hackers do not need to be as effective because of the relatively cheap and automated nature of mass emailing. They only need several thousand targets to open, a few hundred to click and finally a few dozen to enter a password or some other private information. That is enough to pay for the entire expedition with profit to spare once their credentials are harvested or sold on the Dark Web.
In addition to stolen social security numbers, credit card data and passwords, inexpensive toolkits are also for sale all over the Dark Web. These toolkits create credible emails with brands and logos that fool unsuspecting users into opening and clicking on attachments and links. With advancements like this, it is no surprise that Q1 2016 saw a 250% surge in phishing attacks, per the APWG Phishing Activity Trends Report. A 2016 Cloudmark survey revealed that spear phishing (highly targeted phishing attacks) is the top security concern for enterprises, costing an average of $1.6 million in damages.
It might sound like I’m talking about spam, probably because phishing and spam are closely related. They have different goals and different criminals behind them, but there is also a lot of overlap. All unsolicited email is spam, but not all spam is a phishing attack. Some spam is junk but harmless email generated by bots, and other spam is legitimate but still unwanted by the recipient. All spam works to lure people into opening and naively clicking on an attachment, and it has become the #1 delivery vehicle for malware. Globally, over 80,000 people click on attachments containing malware, viruses and ransomware every day.
Look But Don’t Touch
- I recommend hovering your mouse over the link embedded in the body of the email before clicking on it. Take a moment to see if the link address looks suspicious and if it does, do not click on it. Type the website address of the purported sender directly into your browser to get to your destination safely.
- Phishing emails are often riddled with spelling and grammatical errors. A real company with a solid brand will carefully check for such errors, unlike hackers, who are lazy and typically not native English speakers or writers.
- Businesses should never ask you for personal credentials through email. So if you receive an email asking for personal information such as your address, social security number, or anything else of a personal nature, stop and do not click.
- If the email is addressed ‘Dear Valued Customer’ or ‘Dear Consumer’, stop right there. Any business that you have registered or corresponded with will use your personal salutation including your first and last name.
- If you detect a sense of urgency in the email, take your time and be careful. For example, when you see the subject line claiming ‘your account has been suspended’ proceed with caution. When an email invokes a sense of urgency, it instills fear in recipients in an effort to make them click before thinking.
- Hackers are getting better at using convincing brands and logos in an effort to get you to let your guard down and innocently click away. Just because you see a familiar logo does not mean you should be at ease the same way you would be in their retail store or on their website.