Countless phishing attempts are made every day, and with Covid-19 causing many organisations to move to remote working, phishing attacks have massively increased over the last year. In fact, last year’s Phishing and Fraud Report found that phishing incidents rose 220% during the height of the global pandemic compared to the yearly average.
What is phishing?
Phishing is a technique used by cybercriminals to steal sensitive information from individuals. Threat actors make malicious attempts to compromise users’ accounts by baiting them into false requests, then stealing personal information to use for criminal means such as identity theft.
How phishing attacks work
Anyone who uses the internet can be a target for phishing scams. Phishing is typically carried out across email, ads, or by websites that look similar to websites you already use. More recently, phishing attacks have gained momentum via telephone and SMS, often referred to as “smishing”.
Phishing scams typically try to:
• Steal your private information to access money or use your identity
• Infect your device with malware
• Gain control of your online accounts
Rise in cases during Covid-19
In April 2020, Google reported blocking 18 million virus-related scams every day. With more and more people stuck at home and internet use increasing, phishing scammers have gained a larger pool of targets. In the last year alone, attackers have impersonated the US Government, the World Health Organization and even hand sanitizer manufacturers to attempt to trick and scam users, taking advantage of the uncertainty surrounding the pandemic.
How to Recognize a Phishing Email
Nobody wants to be the target of a phishing scam, and luckily there are easy ways to avoid becoming a victim.
Phishing emails are the most well-known type of phishing attack and target millions of people every day across the globe. While they are sometimes difficult to spot, we’ve got some handy tips to help you recognise the warning signs:
1/ Keep your eyes open to any obvious mistakes. Spotting a phishing email comes down to pointing out anything inconsistent or unusual. Often emails include spelling or grammatical errors or strange requests from C-level team members. In cases where you see or sense that a message may be suspicious, always remember – don’t click anything.
2/ Pay special attention to the sender’s email address. Sometimes they use familiar names or try to replicate familiar addresses, but they actually come from an unknown source. If you’re not sure if it could be a phishing email, try to contact the person by a different method to confirm.
3/ Be on the look out for a sense of urgency in the email. It may ask you for personal information or to send money quickly, without even containing your name. Never share your personal information with unknown sources, this can be:
• Usernames and passwords
• Your birthday
• Bank account numbers
• PINs (Personal Identification Numbers)
• Credit card numbers
• Your mother’s maiden name
At Netacea we send regular phishing emails out to all staff as part of our in-house anti-phishing training to see who clicks and enters details. If an individual submits any details, they will receive further training.
This training is designed to make staff discuss the emails they’ve received between each-other and learn to question everything that they receive whether they expect the email or not.
When dealing with phishing attacks, an important piece of advice to remember is: a paranoid approach should always exist when you are being asked to click or enter details.
Netacea Bot Management takes a revolutionary approach to tackling bots, protecting websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and scalping, to give you peace of mind that your business is protected against phishing.
Sign up for a personalised demo and find out how Netacea works alongside phishing to detect and mitigate sophisticated bot attacks.