Cybercrime is a lucrative industry. In 2018, it grossed over $1.5 trillion and is expected to cost over $6 trillion by 2021, according to the Official Annual Cybercrime Report. Where there is money to be made, legal or not, there are people eager to make it. Phishing is one of many cybercrimes that scammers are pursuing, and they’re largely succeeding. Over 30% of phishing emails are opened, and a vast number of those emails successfully secure sensitive data from their unsuspecting recipients. So what can be done? Understanding what phishing is, learning how to identify it, and recognizing the well-planned strategies behind it are the best steps toward protecting yourself and your organization from it.
What is phishing?
Phishing is the illegal act of sending imposter emails that mimic legit emails from legit companies with the purpose of garnering personal information. This information can include passwords, credit card details, Social Security numbers (SSNs), etc.
How do scammers catch their victims?
In much the same way that a fisherman baits his hook with tackle that looks like the real deal, crooks bait theirs with spam emails created to mimic authentic emails. These emails always require action on the part of the receiver (“follow this link to update your information in our system…”) and ask you to enter or confirm your personal information. Instead of a valid company on the other end, however, there are scammers ready to steal your personal information, your money and your identity.
Ways to protect yourself
Fortunately, there are numerous ways to protect yourself against phishing scams:
- Do not reply to emails that ask you to confirm or update account information
- Do not click on links within suspicious emails
- Do not copy and paste links from suspicious emails
- Do not open any attachments within suspicious emails
- Do not enter any personal information in a pop-up screen
- If you’re unsure if an email is legit or spam, go to the company website by typing its address into your browser yourself. Then log in to your account. You should see the same information you see within the email in question. Typing the address yourself is the only way to guarantee that you are on the legitimate company website.
- Install a web tool that will alert you to suspicious emails/malware
A few things to watch for…
Watch for grammatical errors. Professional organizations have content writers who carefully compose and proof correspondence for proper grammar and punctuation. Errors of this nature are an easy way to spot spam. Also, pay close attention to how the email is addressed. Is it addressed to you personally, or is it generically addressed (e.g., “Dear Valued Customer”)? If you truly are a valued customer, the business should at least know your first name! One more way to spot spam is by taking a close look at links. Hover your cursor over any links in the email to see where they really lead – do they look legit or are they “dressed up” to look legit? Use discretion. Ultimately, if you are unsure whether or not an email you receive is valid, contact the company directly through your web browser to inquire. Never interact with an email that seems “phishy.”
If you believe you’re the target of a phishing scheme, it’s important to notify authorities. While you may not have been caught in their net, there are plenty of people out there who will get snared – and at the cost of their hard-earned dollars and their identity. Forward all spam emails to firstname.lastname@example.org and send a copy of the email to the institution being impersonated so they are aware and can caution their customers. If you DO get snared, contact the Federal Trade Commission immediately. They will work to protect you against identity theft and further compromise of your sensitive information.
If you’re concerned about phishing and would like to learn more about how you can protect yourself or your business and employees, contact us at 952.279.2424.