On the Line: Avoid Phishing Attacks at Home and at Work
Your email is more dangerous than you think. One wrong move, and you’ll be snagged by phishing attacks. Hook, line, and sinker.
One of the most common tricks that cyber criminals have up their sleeves is phishing. By disguising themselves as someone you know or an entity that you trust, such as the IRS, cyber criminals attempt to trick their target into giving away sensitive data. This could be anything, from information for a bank account to access to a business’s confidential files. Once they’ve tricked you,
A classic example is the “Nigerian Prince” scam. Basically, people receive an email from someone claiming to be a Nigerian Prince who has been kidnapped, imprisoned, or otherwise incapacitated. Then, of course, the sender requests money to help get out of the situation, promising to pay back the victim with unimaginable amounts of wealth. Once the victim sends out their bank information for the transfer to be made, some stranger (who is definitely not royalty) has access to the victim’s accounts.
More recently, though, phishing attacks have become even more subversive. Often, instead of posing as a stranger, hackers will create email addresses that are strikingly similar to that of someone you know. For example, if your employee’s address is email@example.com, the cyber criminal might create an account listed as firstname.lastname@example.org. If you’re not paying close attention, it’s easy to miss that small difference and leave yourself and your company vulnerable.
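The lookalike-address trick described above can be checked mechanically by comparing each sender against the addresses you already know. The following is an added example, not part of the original article; the address book, the sample addresses, the similarity threshold, and the function names are constructed assumptions.

```python
import difflib
import unicodedata

# Constructed sample address book (assumption: not from the article).
KNOWN_CONTACTS = {"jane.doe@example.com", "accounts@example.com"}

# Digits commonly swapped in for letters in lookalike addresses.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def _skeleton(text):
    """Fold an address to a comparison form: NFKC, lowercase, 0/1/5 -> o/l/s, rn -> m."""
    text = unicodedata.normalize("NFKC", text).lower().translate(CONFUSABLES)
    return text.replace("rn", "m")

def _split(address):
    """Split an address into (local part, domain)."""
    local, _, domain = address.rpartition("@")
    return local, domain

def classify_sender(address, known=KNOWN_CONTACTS, threshold=0.85):
    """Return ('known' | 'lookalike' | 'unknown', matched contact or None)."""
    address = address.strip().lower()
    if address in known:
        return "known", address
    local, domain = _split(address)
    for contact in sorted(known):
        k_local, k_domain = _split(contact)
        # Same mailbox name on a different domain (example.com vs example.org).
        if local == k_local and domain != k_domain:
            return "lookalike", contact
        # Identical once visually confusable characters are folded.
        if _skeleton(address) == _skeleton(contact):
            return "lookalike", contact
        # Near-identical spelling (a dropped, added, or swapped character).
        if difflib.SequenceMatcher(None, address, contact).ratio() >= threshold:
            return "lookalike", contact
    return "unknown", None

if __name__ == "__main__":
    for sender in ("jane.doe@example.com", "jane.doe@example.org",
                   "jane.d0e@example.com", "accouts@example.com",
                   "newsletter@vendor.test"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is the case worth surfacing to the reader of the message, since it names the trusted contact the sender most resembles.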
Taking the Bait: Facts on Phishing
Cyber criminals do everything they can to get your information. If you’ve been the victim of a phishing attack, you’re not alone. Many other cyber crimes begin with an attempt at phishing.
- Every day, 156 million phishing emails are sent out. Hackers like to cast a wide net, sending out as many emails as they can in a short period of time. In doing so, they are creating more favorable odds that someone is going to fall for their tricks. Of that 156 million, only 16 million actually make it through the filters.
- 8 million people open phishing emails. 800,000 (10%) of those emails actually lure people into clicking a link or downloading an attachment. 10% of those who click the links follow through and share personal information. That means that 80,000 people fall for a phishing scam every day.
- According to the Verizon Data Breach Investigations Report, 66% of malware is installed because of phishing attacks that include an email attachment. Additionally, 90% of all data breaches include some form of phishing, whether through phone, email, or other means of communication.
- The Kaspersky Lab 2016 report notes that almost half of phishing attacks are specifically aimed at obtaining financial information and money from the victim.
- 1 in every 1,846 emails is a phishing email.
- The most common methods for phishing include fake bank notifications, fake e-payment systems, email providers, social networks, and online games. The links look legitimate, but may ask you to log in to your Facebook, email, or bank. Instead of actually signing you into the seemingly legitimate account, the hacker steals and stores your information, often without your knowledge.
Staying Safe from Phishing Attacks
Hackers who use phishing attacks are skilled at finding just the right nuances and designs to make their attempts to scam you seem legitimate. No longer are misspelled words and obvious grabs at your private information enough to pass through spam filters. That makes it even more difficult to stay protected, but there are measures you can take:
- Pay very, very close attention to the whole context of the email. A phishing attempt can never be a perfect fake, simply because the sender cannot have the same email address as another person within your email pool. If a message is asking you for money, banking information, passwords, or any changes to your credentials, stop and think about whether it even makes sense for you to be receiving that email.
- Use two-factor authentication for all credentials. It requires your typical password, along with another device, such as a cell phone, that must be used to verify the login attempt. If, for some reason, your or your employee’s credentials are compromised, hackers won’t be able to get past the second layer of protection.
- Train your employees on the right ways to handle phishing attacks. Some attacks, known as “whaling,” involve directly targeting a CEO or other executive. The cyber criminal will use social media to tailor a specific type of attack to you, often using your employees to help them gain access to your high-security data. Through education and examples, you can help your employees avoid letting phishers in in the first place.
- Work with an IT security team that can handle your particular security needs. At Verus, we believe that the more layers of security – on the perimeter, inside the network, and at the user level – the better protected you will be. Verus offers specific IT security products to help protect your valuable data, and also provides IT Security Audits of your networks to help recommend specific things you can do to better secure your infrastructure.