Phishing is a popular sport among cybercriminals. According to Symantec, 65 percent of hackers utilize phishing as their primary infection vector, while Verizon’s 2020 Data Breach Investigations Report found that 22 percent of all breaches in 2019 involved phishing. The problem has only gotten worse in 2020, as industrious hackers are taking advantage of the COVID-19 pandemic to prey on and exploit our fears. So, what exactly is phishing and what can you do to protect yourself and your data?

Phishing for a Potential Victim

Phishing is a form of cybercrime in which bad actors target their prey via email in the hopes of duping them into sharing sensitive information such as passwords and account numbers. They are phishing for data from innocent victims that they can use for their benefit. The hackers pose as legitimate, trusted companies or institutions such as a bank or insurance company, or even as an employee of the victim’s own organization. They send authentic-looking emails that can deceive recipients into believing they are genuine correspondence from these entities, so that the recipients will comply with the request and provide the data the hackers are looking for. For example, you’ll receive an email purporting to be from PayPal insisting you need to click on a link and update your password, which requires you to enter your username and password. A successful phishing email that obtains confidential or identifiable information can lead to financial loss or identity theft.

How to avoid getting hooked

Cybercriminals have become very adept at creating emails to masquerade as someone you trust so you’ll let your guard down. To avoid taking the bait, you must be diligent and cautious when going through your emails, taking care to avoid clicking on links, opening attachments, or providing the requested data unless you’re absolutely sure of who the sender is. Some of the things to look out for in a phishing email include:

Typos in the company domain – Always check the domain of the email address before taking it seriously. If your email came from support@amizon.com, you can be assured it is not an authentic correspondence from Amazon.com. When in doubt, compare the domain in the email address to the domain in the company’s actual website URL.

Do I know you? – Let’s say you have a client you work with regularly, but you receive an email from someone you’ve never heard of who claims to work for that organization. That should be a red flag for you. Follow up with someone you do know from that company to make sure this person is authentic.

If it seems too good to be true, it probably is – Is someone emailing you to say you’ve won a prize or giveaway for a contest you didn’t enter? Someone is likely using the lure of a lavish reward to get you to let your guard down.

Suspicious attachments should be viewed as any other suspicious package – Someone you don’t work with regularly emails you a document they claim is an invoice that needs your immediate attention, but you don’t work in accounting. Why would they send it to you? Don’t open any attached files if they seem out of the ordinary to you.
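The domain comparison described under "Typos in the company domain" can be automated at a mail gateway or in a triage script. The following is an added example, not part of the original article: the trusted-domain list, the function names, and the two-edit threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the organization really corresponds with.
TRUSTED_DOMAINS = {"amazon.com", "paypal.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain); verdict is trusted, lookalike or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", None)
    scored = []
    for t in sorted(trusted):
        # Compare only as many trailing labels as the trusted domain has, so
        # mail.amazon.com matches amazon.com and mail.amizon.com is still caught.
        tail = ".".join(domain.split(".")[-(t.count(".") + 1):])
        scored.append((edit_distance(tail, t), t))
    dist, best = min(scored)
    if dist == 0:
        return ("trusted", best)
    if dist <= max_distance:  # a near miss is more suspicious than a stranger
        return ("lookalike", best)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Amazon Support <support@amizon.com>",
                   "service@mail.paypal.com",
                   "Bob <bob@example.org>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of fraud, since short legitimate domains can fall within two edits of each other.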

The moral of the story: always be cautious when reading your emails, make sure you can trust the sender, and be wary of opening attachments. Always err on the side of caution. Golden Gate Office Solutions provides IT services to the San Francisco Bay area and has access to the knowledge and tools you need to secure your company’s network. Contact us today if you need help in this area.