In 2019, one of the executives at Microsoft received an email that appeared to come from one of the company’s top managers. He knew the person’s name, and the email looked just like other emails the company sends out internally. The only problem was that it wasn’t real; it was a phishing email, and the executive took the bait and clicked to download an alleged “confidential document”. Doing this put malware on the system, and the cybercrook who orchestrated the scheme was able to retrieve sensitive company data before the intruder was discovered.
While this was a notable incident because it happened within Microsoft, it certainly wasn’t the only one. According to the FBI, phishing email attacks increased significantly, going from 114,702 incidents in 2019 to 241,324 in 2020 – almost doubling the previous year’s number. In fact, phishing emails have become the biggest type of cybercrime today. More than 75% of organizations and companies in the US have experienced some type of successful phishing attack, and 43% of data breaches were the result of phishing attacks. The need to protect yourself from phishing emails has never been greater.
Don’t Take the Bait
So, the big questions are: what is a phishing email, and why are you getting it? A phishing email looks like it’s coming from a real source. It may look like a company’s website or landing page, or a form that looks “official”. The problem is that with today’s spoofing technology, a cybercrook can duplicate a company’s website and make you think that you’re actually replying to the real site. Unfortunately, you’re not.
Many times the phishing email will tell you that there’s a problem with your account, or that a charge has been made on your account that needs to be verified. In order to fix the “problem” you’re required to enter your login information to “make sure it’s really you”. Those are the big giveaways, and if you click on their link and enter any information that is requested, you’ve just given the cyberthieves the information needed to hack your account. And that can lead to identity theft.
Most companies will never ask you to “verify information” about passwords or names through an email. If they are requesting this, call the company and explain the situation. Or, simply enter the company’s web address on your own and log in. Never use the links that are provided in the email.
And why are you receiving these phishing emails? Cybercrooks send out thousands and thousands each day, working on a numbers game. If enough emails are sent, there is bound to be a certain percentage of people who will take the bait. And the sad fact is that the cybercrooks don’t need many in order to steal money and be profitable. You just want to be sure that you’re not one of the people who get reeled in.
Spotting Phishing Emails
You don’t have to be a cybersecurity expert in order to spot a phishing email, because most cyberthieves who send out those phony emails follow the same patterns and make the same mistakes. It all starts with the subject line, which is designed to capture your attention using urgency and fear. Words like “Immediate Attention Required”, or “Account Breach Detected” are often used. Others use “Immediate password change required” to get you to continue reading in order to find out “why”.
Next up is the message. Most people will want to review the message to see if it’s in fact “real”. If it looks official and they have some personal information about you that was taken from the Internet, you’ll think the email is credible. Plus, if the email address line looks real, it also helps you believe the email is authentic.
The payoff is the “attachment” or link to the “official website”. This is what the entire email was designed to do: get you to click on the link or download the attachment. It will trigger a download of malware or take you to a spoofed site. Avoid this at all costs!
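The three warning signs described above (urgent subject line, a sender address that only looks real, and a link whose text hides its true destination) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, `example.com` as the impersonated company, and the `.test` hosts are all constructed for illustration, and it handles single-part HTML messages only.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject-line phrases quoted in the article.
URGENT = ("immediate attention required", "account breach detected",
          "immediate password change required")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:          # only keep text inside <a>...</a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).lower()))
            self._href = None

def under(hostname, domain):
    """True if hostname is the domain itself or one of its subdomains."""
    return hostname == domain or hostname.endswith("." + domain)

def phishing_indicators(raw, claimed_domain):
    """Return the article's warning signs found in a single-part HTML email."""
    msg, found = message_from_string(raw), []
    if any(p in (msg["Subject"] or "").lower() for p in URGENT):
        found.append("urgent-subject")
    sender_host = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if not under(sender_host, claimed_domain):
        found.append("sender-not-from-claimed-domain")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        link_host = urlparse(href).hostname or ""
        # Visible text names the real company, but the click goes elsewhere.
        if claimed_domain in text and not under(link_host, claimed_domain):
            found.append("link-text-hides-other-host")
    return found

# Constructed sample message; every name and host in it is made up.
SAMPLE = ("From: Example Support <support@example.com.mail-alerts.test>\n"
          "Subject: Immediate Attention Required\nContent-Type: text/html\n\n"
          '<a href="https://example.com.login-check.test/verify">https://example.com/verify</a>\n')
print(phishing_indicators(SAMPLE, "example.com"))
```

Note that both lookalike hosts begin with `example.com.`; comparing the end of the hostname rather than searching for the company name anywhere in it is what catches them.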
Avoiding Phishing Emails
If you find that you’re receiving phishing emails, it means that you’re on the cybercrook’s email list and you’ve joined many others who have become targets. There’s no “one reason” for this, but a constellation of factors that have put you on the list. The key is to minimize the different ways your name was selected and prevent it from appearing again.
Start by removing unauthorized personal information from people-search sites, where a lot of your personally identifiable information is kept and sold. This is where cybercriminals go to get names and the various personal and financial information that can make their emails seem real. There are over 100 people-search sites, including ZoomInfo, US Search and Pipl. Each one has its own unique way of deleting information and opting out, so it could take a lot of time to complete this, but be assured that it’s worth the time and effort to get it done.
Another tip that most people overlook is to update your operating system whenever you receive a notice that an update is available. For whatever reason, most people ignore the notices that they receive, but it’s critical to install the latest version whenever it’s offered. The reason is that developers continually provide security updates to their operating system software, and that’s one of the best ways to keep hackers out.
Here’s something else to remember: always pay attention to notices about phishing attacks, because by staying current you won’t inadvertently fall for one of the latest scams occurring on the Internet. The FTC has listings of the latest phishing attacks and provides a place to report one if you happen to receive an email.
By following the suggestions listed above, you can help protect yourself from becoming the next phishing victim.