Email Phishing Under the Scanner: What They Are & How to Avoid Them

Phishing, in Troubled Waters: What the Numbers Say

Phishing (pronounced exactly like “fishing”) is a real nuisance to the cyber world. The internet is swarming with cybercriminals literally “fishing” for sensitive information like passwords and financial data. Some criminals even go to the extent of threatening companies through malware or blackmailing them to make wire transfers.

The latest statistics about phishing tell a grim tale.

  • Verizon’s 2021 Data Breach Investigations Report states that phishing is one of the most prevalent cybercrimes, causing 36% of data breaches.
  • APWG’s Phishing Activity Trends Report states that phishing activities remained steadily high in 2021, with a growing trend for phishing attacks on cryptocurrency companies.
  • Cofense’s Phishing Review for Q3 2021 reports that 93% of data breaches involve phishing attacks by keyloggers and information stealers.

The evidence is out there. Need we say more? A phishing attack can come disguised as a simple, irrelevant email. Such emails are like the proverbial “Pandora’s Box.” Open it, and all hell breaks loose. You must know how to identify the most common phishing emails to protect your corporate information from hackers.

But, first things first. Let’s explore what email phishing is.

Email Phishing & its Types: A Closer Analysis

Going by its definition, email phishing is a cybercrime in which attackers use fraudulent emails to trick users and organizations into giving up sensitive information.

Experts offering cyber security solutions say that phishing emails are like the “wolf in sheep’s clothing.” They are difficult to spot amongst the hundreds of emails that you or your company receive on any given day.

How do you identify a phishing email? Essentially, your alarm bells should go off when you spot a suspicious email that appears to come from a legitimate source like PayPal, Amazon customer support, etc. You should be equally wary of emails claiming to come from other well-recognized organizations.

Phishing emails “fish” for information like:

  • Date of birth
  • Bank account details
  • Social security numbers
  • Credit card details
  • Phone numbers
  • Passwords
  • Residential address
  • Information to reset passwords

Most often, phishing victims respond to such disguised emails without a second thought because they trust the source of information. Besides, many phishing emails come with “requests” that goad unsuspecting victims to take action. Some of the common “requests” are to:

  • Click an attachment
  • Update a password
  • Accept a social media connection request
  • Use a new wi-fi connection
  • Enable macros in a Word document

Once you’ve disclosed this information, cybercriminals use it to impersonate you and unleash a series of fraudulent activities. They can open bank accounts in your name, steal money from your account, and even launch a targeted cyber attack to gain more information about you.

Some of the common types of email phishing are:

Deceptive Phishing

Widely recognized as the most common phishing scam, deceptive phishing happens when fraudsters impersonate a legitimate organization in order to steal login credentials and personal data. Deceptive phishing emails are commonly identified by:

  • Fake domains that impersonate a genuine organization and send out thousands of generic requests. A common example is a lookalike of your bank’s domain asking you to click a link to verify your account details.
  • Redirects and shortened links that hide the real destination from Secure Email Gateways (SEGs).
  • Modified brand logos inserted into attack emails.
  • Legitimate links mixed in with malicious ones to evade email filters.
  • Deliberately minimal email content, so there is little text for filters to flag.

Spear Phishing

Symantec’s 2019 Internet Security Threat Report indicates that spear-phishing emails are used by nearly 65% of cybercriminals who plan targeted cyberattacks. In this phishing attack, they cleverly customize their emails with the following details:

  • Name of the target
  • Position in the company
  • Contact details

The receiver is tricked into believing that they know the sender, and they open the email.

Whaling

If you are a senior executive, you should be aware of whaling emails. Cybercriminals use whaling emails to disguise themselves as top executives and lure unsuspecting junior executives into doing them a favor. Whaling emails are increasing in both numbers and in sophistication. So, top executives, beware!

The next segment of our blog highlights the most common types of phishing email. This list will help you identify and avoid opening malicious emails that can potentially destroy your organization.

6 Common Examples of a Phishing Email

1. Be Wary of PayPal Account Deactivation Scams!

PayPal has more than 200 million users worldwide, making it a prime target for cybercriminals seeking to misuse the millions of bank accounts linked to this platform. A fraudulent email purporting to be from PayPal will alert you that your account has been compromised and state that it will be deactivated unless you confirm your credit card details.

Other “clever details” to watch out for are the very believable PayPal logo and the fine-print paragraph at the bottom of the page.

What not to do: Never click on the link in the mail. It will lead you to a fake PayPal website, and the stolen information will be used to commit more crimes.

2. Caution Ahead: Google Docs Login Scams!

Did you know that cybercriminals can create a fake Google Docs login page and send phishing emails to unsuspecting users? Experts say that the fake Google Docs page is similar to the authentic Gmail login page. So, do watch out for what you click on!

3. Keep a Look Out for Emails Claiming to Come from Your Company’s HR or Support Teams!

A seemingly innocent HR email may come with a simple link. Once you click on this link, it will automatically install malicious software onto your computer or mobile device. Likewise, your employees may also receive a similar email asking them to install new software.

What to do: Crosscheck the email source before clicking on any link.

4. Be Alert for Email Account Upgrade Scams

Some of the most common account upgrade emails appear to come from trusted sources like Microsoft and Google. Here again, a link will redirect the user to malicious software, but the email itself will not have any stand-out grammatical errors or suspicious requests.

5. Watch Out for Transfer Funds Scam

There are two ways scammers use phishing emails to make users transfer funds into their accounts. One way is to trick employees into handing over their bank details by promising them large sums. Another is to send an urgent email, disguised as coming from the company CEO, to a gullible employee, asking them to help transfer funds to a foreign partner on the CEO’s behalf to secure a new partnership.

6. Look Out for Dropbox Scams

Dropbox’s immense popularity has given rise to many scammers who send phishing emails claiming to share a large file. The mail will contain a link goading the user to “click on it” because the file is supposedly too large to attach. Most users fall prey to such emails because they trust that the mail is from Dropbox.

There’s no stopping cyber criminals. These people are extremely talented and well-versed in using software and tech tools to commit digital fraud. Besides, email accounts are hotbeds for such fraudulent attempts. The only solution here is to raise awareness about phishing emails and know how to identify fraudulent emails from genuine ones.

General Tips to Protect Yourself Against Phishing Emails

  • Be extra cautious about emails from unknown senders. Never click on a suspicious link unless you have confirmed that the mail really comes from a trusted source.
  • Inspect every URL (hover over the link to see its real destination) to check whether it leads to a suspicious website.
  • Look out for grammatical errors, spelling mistakes, and generic salutations.
  • Be wary of unexpected money deposit or money request notifications.
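As an added, constructed illustration (not code from the original post) of the deceptive-phishing indicators listed earlier and of the advice above to inspect every URL, this Python script parses one sample message and flags a display name that claims a brand the sender domain does not own, links routed through URL shorteners, and link text whose domain differs from the real href. The sample email, the shortener list and the brand-to-domain map are assumptions made for the demonstration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message): brand name in the display name, a
# mismatched sender domain, and link text that hides a shortened redirect.
SAMPLE_EML = """\
From: "PayPal Support" <alerts@paypa1-secure.example>
To: user@example.com
Subject: Your account will be deactivated
Content-Type: text/html

<p>Confirm your card details at
<a href="https://bit.ly/EXAMPLE">https://www.paypal.com/confirm</a>
or read our <a href="https://www.paypal.com/help">help pages</a>.</p>
"""

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}  # assumed short list
BRANDS = {"paypal": "paypal.com"}  # assumed map: brand word -> legitimate domain

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def brand_mismatch(display_name, sender_host):
    """True when the display name claims a brand the sender domain does not own."""
    for brand, domain in BRANDS.items():
        if brand in display_name.lower():
            if sender_host != domain and not sender_host.endswith("." + domain):
                return True
    return False

def analyze(raw):
    """Return the deceptive-phishing indicators found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rpartition("@")[2].lower()
    if brand_mismatch(name, sender_host):
        findings.append(f"display name '{name}' but sender domain {sender_host}")
    body = msg.get_body(preferencelist=("html",)).get_content()
    # Compare where each link says it goes (anchor text) with where it really goes (href).
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.S):
        target = host_of(href)
        if target in SHORTENERS:
            findings.append(f"shortened link hides destination: {href}")
        if text.strip().startswith("http") and host_of(text) != target:
            findings.append(f"link text shows {host_of(text)} but goes to {target}")
    return findings
```

Calling analyze(SAMPLE_EML) returns three findings for the sample; the second, legitimate link produces none, which is exactly the “legitimate links mixed in” trick described above.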

Most phishing scams are targeted at organizations. Here’s what you should do to protect your company and employees:

  • Conduct employee security awareness campaigns, digital training, support sessions, etc., to update your employees on such cyber crimes.
  • Discourage employees from publishing sensitive, classified corporate content on their social media profiles.
  • Invest in software that analyzes incoming emails for malicious links and attachments.
  • Make it mandatory for all employees to undergo security awareness training campaigns regularly.
  • Require Multi-Factor Authentication (MFA) before any financial payment requested via email can be authorized.

Protect & Secure Your Network with CMIT Solutions, Tempe

Reach out to CMIT Solutions Tempe, and stop worrying about digital security breaches. With top-of-the-line network monitoring, we can help you thwart global risks and threats to your business. Contact our team to discuss your requirements. Get the CMIT expertise today!
