Phishing is the most common type of cyber-attack, where scammers create fake websites or emails that look legitimate to deceive people into giving away their personal information. These phishing attacks are commonly carried out through email, text, and phone calls. Scammers then use stolen credit card numbers or other sensitive information to steal money or identities or to carry out other malicious activities.
While some phishing attempts may appear unprofessional with lousy grammar or strange URLs, these cybercriminals don’t necessarily need to be sophisticated. Scammers rely on a volume of attacks and only need to trick a small percentage of victims to achieve their goals.
According to Station X, cybercriminals send an estimated 3.4 billion emails a day. These impersonation emails add up to 1.2% of all global email traffic.
How to Recognize and Avoid Phishing Scams
Types of Phishing
Scammers implement many phishing attack techniques and often combine multiple types into one attack. Recognizing the tactics used by scammers in phishing attempts is the first step to protecting yourself and/or your company from an attack.
The most common types of phishing scams are:
Phishing emails are the most common phishing attack, where the attacker sends a generic email that appears to be from a trusted source requesting sensitive information or urging the recipient to click on a malicious link. These ‘trusted sources’ can be fake senders posing as large, trusted companies like Netflix, LinkedIn, Amazon, or even your bank.
Spear phishing is a targeted phishing attack where the attacker researches the victim’s personal or professional information to create a tailored message that appears to be from a trusted source. These usually come in an email and include the victim’s place of employment, job title, name, and address.
Station X reports that spear phishing campaigns only account for up to 0.1% of all email-based phishing attacks but are responsible for 66% of all breaches.
A whaling phishing attack targets high-profile individuals, such as CEOs, CFOs, or other executives, to steal sensitive information or money. In this attack, the attacker typically poses as a trusted source, such as a bank or a colleague, and asks the target to provide confidential information or perform a wire transfer. The term “whaling” refers to the fact that the attackers are going after the “big fish” in the organization.
Smishing and Vishing
Smishing is a type of phishing that occurs over SMS or text messages. The attacker sends a text message that appears to be from a trusted source, requesting sensitive information or urging the recipient to click on a malicious link.
Vishing is a type of phishing that occurs over the phone. The attacker calls the victim and poses as a trusted source, such as a bank or credit card company.
In this type of attack, the attacker creates a fake social media profile, often using the name and photo of a real person, and sends friend requests or messages to potential victims. They may also post links to malicious websites on public forums or social media groups.
How to Recognize a Phishing Attempt
Unfortunately, phishing attempts often coincide with current events and are designed to take advantage of our fears and desires. Phishing attempts evoke a sense of urgency that prompts us to act quickly without taking the time to consider the consequences or research the message’s authenticity.
The Federal Trade Commission (FTC) offers some example scenarios of a phishing attempt:
- The sender claims there is suspicious activity or login attempts on your online account
- The sender states that there was an issue with your payment information
- The sender asks you to confirm personal and/or financial information
- The message includes an invoice or link you don’t recognize
- The sender claims you are eligible for a refund or free stuff
Other signs of a phishing attempt can include:
- A generic greeting (Hello User, or Dear…)
- Spelling and grammatical mistakes
- Email addresses or phone numbers you do not recognize
- An invitation to click on a link to update payment information
It’s important to remember that genuine companies typically don’t send emails or text messages with links asking you to update your payment information.
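The warning signs listed above can also be checked automatically when triaging a reported message. The following is an added example, not code from the original article: the sample email, the KNOWN_DOMAINS list, and the phrase patterns are constructed assumptions, and the check assumes plain-text, unencoded message bodies.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration; sender, link and wording are invented.
SAMPLE = """\
From: "Netflix Billing" <billing@netflix-account-help.example>
Subject: Issue with your payment information

Dear User,

We detected suspicious activity on your account and there was an issue
with your payment information. Click http://netflix-account-help.example/update
to update payment details and confirm your account.
"""

# Assumption: sender domains the recipient already does business with.
KNOWN_DOMAINS = {"netflix.com", "corp.example"}

# Phrase patterns derived from the warning signs listed in the article.
SIGNS = {
    "generic greeting": r"^\s*(dear|hello)\s+(user|customer|member|sir|madam)\b",
    "suspicious activity claim": r"suspicious (activity|log-?in)|log-?in attempts?",
    "payment problem claim": r"(issue|problem) with your payment",
    "asks to confirm information": r"confirm (your )?(personal|financial|account|payment)",
    "refund or free offer": r"\b(refund|free (gift|stuff|offer))\b",
}

def body_text(msg):
    """Join the text/plain parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")

def phishing_signs(raw):
    """Return the sorted list of warning signs found in a raw email message."""
    msg = message_from_string(raw)
    body = body_text(msg)
    text = f"{msg.get('Subject', '')}\n{body}"
    found = [name for name, pat in SIGNS.items()
             if re.search(pat, text, re.IGNORECASE | re.MULTILINE)]
    # Sender whose domain is not one the recipient recognizes.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS:
        found.append("unrecognized sender domain")
    # A link that appears alongside a request to update payment details.
    if re.search(r"https?://\S+", body) and re.search(r"update (your )?payment", body, re.I):
        found.append("link to update payment information")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE)))
```

A message that triggers several of these signs is a candidate for reporting rather than proof of phishing; spelling quality and other signs from the list are not covered by this check.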
How to Avoid a Phishing Attack
Identifying the common signs, as laid out above, is a great start to protect yourself from phishing. After all, 95% of all cybersecurity issues can be traced to human error according to the World Economic Forum. Other general cybersecurity best practices, such as utilizing spam filters, installing security software on your computer, and regularly updating your devices, will help.
- Avoid opening or responding to questionable emails. If you have an account with the sender, contact the company or individual directly using contact information you know is real. Do NOT respond to the message.
- Do not click on suspicious links or pop-up ads. In a business setting, if you need clarification on the legitimacy of a message’s details, you can ask your IT department for help.
- Do not send financial information through email. Banks and credit card providers will never ask for sensitive information such as bank account numbers or social security numbers through email.
Please read our blog here for general cybersecurity best practices in a cloud environment
Additionally, many places of business require training on phishing attempts and require multi-factor authentication (MFA) for their users. Multi-factor authentication requires extra credentials to access sensitive information, making it harder for scammers to log in.
Report a Phishing Attempt
If you received a phishing attempt, reporting the attack can help fight scammers. If you received the attack on a device you use for work, report the incident to your IT department.
If you receive a phishing text message, you can forward the text to SPAM (7726).
You can additionally file a report with the FTC at ReportFraud.ftc.gov.
What To Do if You Fall Victim to a Phishing Scam
After reporting the incident to the correct authority, follow their suggestions/guidelines on proceeding. If they do not offer any, report the scam to IdentityTheft.gov and/or contact the company that was spoofed directly to secure your accounts.
If you believe you clicked on a malicious link or attachment, update your device’s security software and remove anything identified as a problem.
Using the information above, individuals can identify common phishing attacks. However, the harsh reality is that we can only spot some attacks as scammers constantly evolve their techniques. To keep you and your data safe, conduct regular security awareness training and regularly test your infrastructure for vulnerabilities to mitigate risk.
Comprehensive Security Solutions
At IP Pathways, we understand the security risks of a cyber-attack. In partnership with Tenax Solutions, an IP Pathways Company, we are happy to offer security and compliance services to uniquely support you and your team. Our experienced engineers will work with you to understand your goals and provide custom solutions that cater to your needs. We offer various security services, including risk management and assessment, penetration testing, offensive security, and remediation services. IP Pathways can also implement backup as a service, managed Cisco Duo, and firewall as a service to develop a holistic security solution. Check out our complete list of services here and contact us today!