CySec Coach

Don’t Take the Bait: Essential Tips for Recognizing Phishing Attempts

Did you know that Google blocks around 100 million phishing emails daily? Millennials and Gen-Z internet users are the most likely to fall victim to phishing attacks. 83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing. It is the most common cybercrime, and the average cost of a data breach against an organisation is more than $4 million. You can find more such scary statistics here. We wanted to show you why it is important to be aware of phishing and its impact before giving you some tips to protect yourself from it.

What is phishing?

Phishing is an attack in which the attacker uses social engineering techniques to steal data. Cybercriminals send spam messages containing malicious links, designed to get targets to either download malware or follow links to spoofed websites. Traditionally, phishing works by sending forged e-mails that mimic an online bank, auction or payment site, and it aims to collect sensitive and personal information such as usernames, passwords and credit card numbers, and even money, by impersonating a legitimate entity in cyberspace.

What are the different types of phishing?

There are several types of phishing attacks. We have described some of them below.

  1. Spear phishing
    Spear phishing is a highly targeted form of phishing designed to deceive a specific individual or organisation. Spear phishing attacks involve significant research and effort to personalise the message for the intended victim. This makes them much more credible and convincing, increasing the chance of success.
  2. Whaling
    Whaling attacks are aimed specifically at high-profile individuals or executives within an organisation. Like traditional whaling, which hunts larger prey, these attacks focus on individuals with greater access to sensitive information and resources, making them potentially more damaging.
  3. Smishing
    Smishing is a type of phishing attack that specifically targets victims through SMS text messages. It’s like traditional phishing, but instead of using emails, attackers use text messages to try and deceive you into giving up personal information, clicking on malicious links, or downloading harmful software.
  4. Vishing
    Vishing, short for voice phishing, is a type of phishing attack that uses phone calls or voicemails to trick individuals into revealing sensitive information or taking harmful actions. Similar to phishing emails, vishing attempts aim to exploit trust and urgency to manipulate victims.

How can you recognise a phishing email?

  • The Urgency to Act Quickly
    The criminals create a sense of panic to rush you into clicking malicious links or revealing personal information. For example, consider an email that asks a user to respond immediately or they could miss out on a desirable item, such as a gift. “Act now or miss out!” and “Your account will be deleted!” are some of the common wordings used by these criminals.
  • Too Good to Be True
    Offers that seem unrealistically good, like winning millions in a lottery you never entered, are likely scams. Remember, if it’s too good to be true, it probably is a scam or a phishing message.
  • Suspicious Attachments and Links
    Clicking on unknown attachments or links in emails can lead you to a nightmare. They can download malware or lead you to fake websites designed to steal your information.
  • Requests for Personal Information
    Legitimate organisations rarely ask for sensitive information via email. Be cautious of emails requesting passwords, account numbers, or personal identification details.
  • Generic Greetings
    Phishing emails often use generic greetings like “Dear Customer” instead of your real name. However, recall that we mentioned individualised phishing emails earlier. Therefore, you should be aware of such emails as well.

How can we ensure our safety?

  1. Verify the link
    Before you click on a link, place your cursor over it to view the real URL. If the address doesn’t align with the domain of the sender or appears dubious, refrain from clicking!
  2. Verify the Sender
    Be sceptical of email addresses rather than taking them at face value. Watch for incorrect spellings, strange domain extensions, or unfamiliar senders. If in doubt, reach out to the company via a reliable method, such as their official website or a known phone number.
  3. Report Phishing
    If you receive a suspicious email, report it to the sender’s legitimate email address and mark it as phishing/spam. This helps train phishing/spam filters and protect others.
  4. Using Spam Filters
    Spam filters are designed to identify emails that attackers or marketers use to send unwanted or dangerous content. They use specific filtering methods to examine the content of emails or their senders and then flag the email as spam. Email services such as Gmail and Outlook have their own spam filters, but you can use additional filters if you want. We have listed some reputable spam filters below; make sure you review them yourself before using them.
    1. TitanHQ – TitanHQ is a best-in-class SaaS cybersecurity platform delivering a layered security solution for email protection and DNS security.
    2. Spambrella – Spambrella provides advanced email security with real-time threat protection. 100% SaaS (nothing to install). Malware & phishing protection, email continuity, email archiving and encryption.
    3. Topsec Email Security – Topsec Email Security is an advanced and comprehensive cloud-based managed email service that eliminates spam, viruses, and malware and quarantines undesirable and/or illicit content according to customer requirements.
    4. Zerospam – Zerospam is a cloud-based email security protection providing an unparalleled, AI-powered filtering technology, engineered by experts to be highly accurate and remarkably simple to use.
  5. Educate Yourself and Others
    Stay informed about the latest phishing tactics and share this knowledge with friends, family, and colleagues. If you have read up to this point, it means you are already doing this. Make sure you educate your friends and family on what you learnt here. Sharing this blog would be a first step. 😉 

Remember, vigilance is your best bait against phishing attacks. By staying sceptical, practising safe online habits, and reporting suspicious activity, you can navigate cyberspace with confidence, leaving the phishers to cast their lines in vain.
