July 18, 2024
Cyber criminals have gone phishing.
The total number of phishing attacks in 2016 was 1,220,523, which is a 65% increase over the previous year according to the 4th Quarter Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG).
Phishing is posing as a legitimate company, person or institution in an email or text message to trick someone into giving financial and/or other personal information. Cyber criminals also use fake online advertising to direct victims to fake websites where username, password or financial information is required.
According to Verizon’s 2016 Data Breach Investigations Report, 30% of phishing emails are opened.
Phishing is a deceptive technique used by cybercriminals to obtain sensitive information such as usernames, passwords, and credit card details by disguising themselves as a trustworthy entity.
Typically, phishing attacks are carried out through fraudulent emails or websites that mimic legitimate ones, tricking individuals into divulging personal data.
Phishing scams are critical for businesses to monitor because they directly threaten company security and client trust.
These attacks can lead to significant financial loss, data breaches, and damage to a company’s reputation.
Partnering with a data protection expert like Shred-it can help businesses enhance their security measures, ensuring sensitive information is both securely managed and disposed of, reducing the risk of phishing-related breaches.
In the workplace, successful phishing attacks are often disguised as something an employee is expecting such as an HR document, a shipping confirmation, or an IT department request to change a password. The email may also look like it came from a work colleague or even the CEO. Always confirm these types of emails, and verify requests.
Many scams work by tricking the victim into clicking on a link or attachment, which then either infects the computer with malware that can steal information directly or takes the victim to a fake page that requests private information. A recent CSOonline.com post said that 93% of all phishing emails now contain ransomware. Never click on a link or open an attachment that wasn’t asked for or expected.
Consider any email or instant message request for confidential information to be a possible hoax. Legitimate companies do not ask for confidential information like passwords and credit card numbers this way. Don't respond to links in unsolicited messages, and never give sensitive information to anyone on the phone, in person, or through email without checking that the organisation is legitimate.
Scam emails often have misspelled URLs or the wrong domain. Hover the cursor over the URL to see the actual hyperlink. If the address is different than what’s displayed, it’s likely to be a phishing attempt.
If an email has spelling or grammar mistakes, it’s a scam. Businesses do not send messages without checking spelling and grammar.
An email that arrives addressed to ‘customer’ or ‘member’ may be a scam. Most organisations use proper names. Contact the organisation.
A 2017 KnowBe4 survey sent 6.6 million bogus messages to more than 2 million people to see which phishing attempts were most successful. The top subject line lure was ‘Security Alert’ – 21% of the people clicked on links inside the message. Other successful lures were ‘Revised Holiday and Sick Time Policy’, ‘UPS Delivery’, ‘Breaking News’, ‘Updated Healthcare Info’, and ‘Change of Password Required Immediately’. Ignore these alerts.
Phishing scams prey on people’s emotions. If an email arrives that threatens in some way and requires urgent action, it’s likely a scam. Confirm with the organisation before doing anything.
Listen to your gut. If an offer seems too good to be true, it probably is. Don't open the email or click on links.
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and data security survey.