Phishing Fast Facts:
In April 2019, it was estimated that 293.6 billion emails are sent around the globe each day
Statista reports that over 55% of emails sent are considered spam
The number of spam emails sent daily expected to increase to almost 190 billion a day through 2023
Phishing is the act of attempting to manipulate the recipient of a malicious email into opening and engaging with it. A sender of a malicious email intends to deceive a victim by making the email seem important and from a reputable source. These phishing emails may include harmful attachments, like PDF or Word documents, which once opened can cause harm to the user’s computer by installing forms of malware, ransomware, or other unsavory software. Phishing emails can also contain malicious links in the body that can lead a user to a fraudulent site. These sites are used to collect confidential information such as usernames and passwords, or to install malware onto a device. Once the victim’s information has been obtained, scammers will monetize the data by selling it to the highest bidder on Dark Web sites.
There are 3 types of phishing:
Deceptive Phishing is any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials.
Spear Phishing is when fraudsters customize their attack emails with a target’s name, position, company, work phone number or other information in an attempt to trick the recipient into taking some action being requested by a known connection.
CEO Fraud is targeting an executive in an organization. Fraudsters attempt to isolate an executive and steal their login credentials. With these credentials they are able to perform a CEO scam. These occur when an email, seemingly addressed from a CEO or other member of senior management, is falsely created by a scammer in order to exploit the trust of employees. The imposter email seeks for the target to wire funds or share confidential information with the scammer.
So, how does one identify a phishing email? You can spot the tell-tale signs of a fraudulent email and protect your personal and business data, by staying wary of these signs:
Confirming personal information. When in doubt about an email received, call the company or person to verify its legitimacy.
Fraudulent email and web addresses. Take a closer look at email addresses as well as website addresses to verify authenticity. Hovering over an email that links to a website lets you see a site’s full URL, and from here you can determine if the website is secure and the correct destination before visiting.
Grammar. Grammatical errors and conflictive sentence structure are common in fraudulent emails.
Scenarios. Typically, phishing emails will contain some time-dependent request to ensure you act quickly and are disarmed from typical safe-guards based on the “urgent” scenario described in the email; i.e. your account will close if you don’t enter your new billing information now. When in doubt, call the company directly for verification.
Attachments. These attachments may contain a URL or trojan horse designed to compromise your system, if opened. Send these emails to your IT/security team instead of attempting to open them yourself.
Educate. Engage in teaching drills and exercises grounded in real-world everyday scenarios that test employees’ ability to detect scammers and respond appropriately to fraudulent requests. Instruct staff about the dangers of clicking on unsolicited email links and attachments, and the need to stay alert for warning signs of fraudulent emails.
Spam mail and phishing attacks can often be detrimental to an organization, these attacks can cause a breach of personal or clientele information, or a loss of funds. The best way to avoid and protect yourself from an attack is awareness and education. Knowing the different types of attacks, motives and identifying key features can help yourself and employees avoid malicious emails.
Questions about setting your business up for success? We’re here to help.
Consys Group Inc. 226-973-9208