How to Avoid Phishing Scams: Knowledge and Best Practices

Phishing scams are one of the most common forms of cybercrime that hackers use to gain access to a company’s network. A 2017 Phishing Trends & Intelligence Report found that more than 91 percent of all phishing attacks in 2016 targeted the financial, cloud storage/file hosting, webmail/online, payment services, and e-commerce industries. The volume has increased by 33 percent from last year’s report.

The simple nature and success rate of cybercrime characterize email scams as the foremost method by which hackers transmit malware. Hackers have gotten better at detecting which companies are likely to fall for scams that result in the extraction of account information and basic personal data.

Why the increase?

The increase is predominantly due to users reusing their usernames and passwords, instead of creating unique ones – think “password reuse attack.” It is estimated that 73 percent of online accounts are guarded by duplicated passwords. By reusing such data, parallel accounts are made more accessible and become easy targets for hackers.

3 Popular Phishing Scams

• Mass-scale phishing: This attack doesn’t target a specific person, but instead, attempts to access all sensitive information belonging to anyone internally.

• Spear phishing: These emails are personalized and appear to come from the recipient’s acquaintance, for example, a colleague or business manager.

• Whaling: This threat specifically targets a small number of corporate executives and high-value employees.

Phishing scams are continuously evolving. With the proliferation of social media use for customer service support by banks and big corporations, hackers are taking advantage of targeting users via something called angler phishing: the use of social media to set up fake profiles that look like the pages of other customer support companies. When a user leaves a comment, they are provided with a link to a phishing site that asks for login information. If a user follows the instructions, hackers gain access to their personal data.

Spotting phishing scams. Advise your teams on effective mitigation techniques.

Training your teams on the best ways to mitigate the risks of scams.

• Keep an eye out for email addresses with unknown sender names.

• Beware of Reply to email addresses. When this section is different from the sender’s name, it is most likely a suspicious email.

• Get in the habit of hovering when it comes to links. Make sure to hover over a link to see if the address is the same as it appears when typed. If the link destination is different, don’t click – URLs and email attachments can be malicious.

• Proceed with caution when asked to provide account or login information – it may be a fake site.

• Be wary of attachments from unrecognizable companies.

Many times, it happens that hackers take advantage of goodwill and use phishing emails to ask for donations. Advise your employees that such emails frequently present threats and a sense of urgency to intimidate end users. Your employees should remain vigilant and recognize emotionally exploitative emails.

Phishing is constantly evolving to adopt new forms and techniques. Conducting random internal phishing tests to see if your employees fall for phishing scams is an effective way to prepare them for cybercrime. When you encourage employees to take part of security awareness programs and attend events on the subject, you empower them against cybersecurity threats.

By analyzing vulnerable areas, setting clear objectives, and establishing metrics, you can reduce the risk of phishing and increase the level of safety within your company. These are simple techniques that you can use to empower your employees.

Are you prepared to protect your organization against such scams? Education is critical in today’s cybersecurity age.

 

---