Have you ever looked through your inbox and thought to yourself, “hmm, is this a real email? This looks kinda different.” Take a second to guess how many phishing attempts go out on a daily basis. According to researchers at Symantec, almost one in every 2000 emails is a phishing email. This means that there are around 135 million phishing attack attempts on a daily basis.
So, what is phishing?
Phishing is a fraudulent attempt to obtain a user’s sensitive information. It is done through electronic communication in which the scammer disguises themselves as a trustworthy individual or entity. In every phishing scenario the scammer wants something different. A successful phishing attack is when the scammer gets the victim to give them what they are looking for.
Every phishing attack will look slightly different. A basic phishing attack includes the scammer trying to gather someone’s personal information. This can include things such as usernames, passwords, credit card details or birth dates. Another type of phishing attack includes convincing the user to click on a link that leads them to a fake webpage and having them enter personal information. It was found that 1.4 million of these websites are created on a monthly basis. Another tactic that scammers use is tricking the user into downloading and installing malware, or inadvertently installing ransomware. A common way to fall victim to a phishing attack is through fake social media accounts and emails that are sent to the user over a longer period of time. With time, after continuously receiving information from the same “person”, the user starts trusting the attacker and in turn accidentally gives them access to personal information.
Let’s take a look at which organizations were victims of phishing attacks:
- MacEwan University in Edmonton Alberta, Canada fell victim to a phishing attack in July 2017. This attack resulted in a fraudulent transfer of $11.8 million to a bank account that the school believed was a vendor.
- Marketing campaigns for the 2016 Olympic Games were used to distribute malware leading up to the event. This malware affected Brazilian banks before the Olympics started in Rio.
- In 2016, the Democratic National Committee had their emails hacked and stolen.
As you can see, it doesn’t matter your position within a company or how large the organization is. At the end of the day, anyone can fall victim to a phishing email. In today’s workforce, organizations are spending time and money educating their employees on all types of cybersecurity, but specifically phishing emails. Scheduled training around these topics is something that is becoming more and more common.
Here are a few key things for you and your employees to remember when going through your inbox:
- Legitimate companies will not request sensitive information over email.
- The link text shown in an email should match the URL it actually points to.
- The name of the sender should also match the content of the email, as well as the email address.
- Grammatical errors or spelling mistakes are a big red flag.
- When asked to download something, most companies redirect you to their website rather than using an unsolicited attachment.
If you get the feeling something about the email seems off, you’re probably right.
What should I do if I fall for it?
Most of the time, users know right away when they have fallen victim to a phishing email. Below are a few pointers on what you should do if you find yourself a victim.
- Contact your IT support immediately to let them know.
- Change your credentials. This includes all usernames and passwords.
- In the future, set up two-factor authentication.
- Disconnect your device from the Internet. This reduces the risk of malware spreading to another device.
- Scan your device for viruses and other malware.
- Use caution when going forward.
Based on who you are and where you are located, you should look into your local governing body, as you may need to disclose what happened. It is also a good idea to let your team know!
Has my email been compromised?
Another way that your data can be compromised is when websites you’ve given your information to fall prey to phishing or hacking. You can type your email address into the website Have I Been Pwned to see if your email was part of any data breaches.
Someone on our staff typed in their personal email and came up with these results: