Do you know what the most common type of cybercrime in 2020 was? You might be surprised to learn that it was phishing attacks, and 96% of those phishing attacks came via email. Sadly, the number of phishing attacks is skyrocketing, and if you’re wondering why, well, the answer is simple: they work.
74% of organizations in the U.S. experienced a successful phishing attack in 2020. According to Verizon’s Data Breach Investigation Report (DBIR), 43% of data breaches involved phishing. Here’s something else to consider: cybercriminals have their own special delivery methods for phishing attacks – the largest percentage of phishing attacks used PDF files and Microsoft Office files.
While the statistics can be overwhelming, it’s important to know just how big a problem phishing email attacks are. Because data breaches involve some type of phishing, the financial harm to a company or individual can be enormous, with the average data breach costing organizations $3.9 million. The upside is that there are ways you can protect yourself from phishing emails, which can prevent problems from occurring in the first place.
Why Phishing Emails are so Dangerous
The biggest threat posed by phishing emails is that they can lead to identity theft. Once a cybercrook gets you to click on a link in a phishing email or reply to it in other ways, your personal and financial information is immediately in jeopardy. Identity theft can be very costly to victims – according to the FBI’s Internet Crime Report, Business Email Compromise (BEC) lined the pockets of cybercriminals to the tune of $1.8 billion, the most costly cybercrime anywhere. That’s why it’s critically important to report phishing emails whenever you receive them.
So, what are those cybercrooks after when they send out phishing emails? The big 3 in their jackpot of theft desires include credentials, like passwords, usernames and the very coveted PIN numbers; personal data, like your phone number; and medical record information and history. In fact, medical identity theft is a booming cybercrime, as criminals steal your medical identification data and use it to acquire medications and treatments, leaving the victim to deal with copays and out-of-service charges.
Types of Phishing Emails
Whoever coined the term “phishing” emails decided to utilize fishing terminology when describing the different types of phishing emails. There’s the “spray and pray” email, which is sent to thousands of potential victims with the hope that there will be numerous replies, which leads to numerous victims. Bottom line – it’s a numbers game.
There is also “spear phishing,” which is a targeted campaign to a selected audience using emails and terminology that appeal to that particular target. The cybercrook often incorporates personal information within the email, or uses their knowledge of the intended victim to discuss job offers, for example.
Finally, there’s “whaling” where the cybercrook goes after the “big fish” – the one with the money or the one with the most desired data to steal. They often use names from within a company or organization, pretending that they know the victim. They also create spoofed websites that look real but are nothing more than a magnet to steal data, information and money.
Protecting Yourself from Phishing Emails
So, why are you the lucky recipient of a phishing email? Even if you’re one of the thousands who get on the “spray and pray” email list, they have to get your email address from somewhere. And the cybercriminals’ first stop is usually one of the people-search sites like InstantCheckmate, PeopleFinders and US Search. So, one of the first things you need to do is remove all of the unauthorized personal data on those sites.
Another way to protect yourself is to have a strong email provider. Gmail, Zoho and ProtonMail all have strong built-in spam protection, sending most phishing emails to your spam folder. Outlook is another provider with a strong spam detector.
Most computer users tend to overlook updating their operating system on a frequent basis, but it’s one of the easiest ways to prevent phishing emails from slipping through. That’s because each update usually includes security patches for all types of known malware and spoofed websites.
Always Report Phishing Emails
One of the ways everyone can help stop the phishing scams is to report them. The Federal Trade Commission (FTC) has a reporting page for phishing emails. If you did become a victim and gave up some personal information, report it to the Treasury Inspector General Administration, and immediately change all of your passwords on every account.
In addition, look over emails that come from people you’re not familiar with before clicking on any links. You’ll usually be able to spot typographical errors or see obvious signs that they were created by someone who isn’t familiar with the English language. There are also keywords that cybercrooks use with phishing emails, and they continue to use them over and over because they elicit a response. Some of those words include: urgent, attention, payment, important and request, among others. Those are clear signs you might be looking at a phishing email.
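A small triage script for the indicators this article mentions (the keywords above, a clickable link, and the PDF and Microsoft Office attachments cited earlier), added here as an illustration and not part of the original article. The extension list, scoring weights, review threshold and sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Keywords the article lists as recurring in phishing emails.
KEYWORDS = ("urgent", "attention", "payment", "important", "request")
# PDF and Microsoft Office extensions (assumed list; the article names only the file families).
RISKY_EXT = (".pdf", ".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")

def triage(raw: str) -> dict:
    """Collect phishing indicators from one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}".lower()
    hits = sorted(k for k in KEYWORDS if re.search(rf"\b{k}\b", text))
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
    has_link = re.search(r"https?://", text) is not None
    # Assumed weights: a keyword is weak evidence, an attachment of a risky type is stronger.
    score = len(hits) + 2 * len(risky) + int(has_link)
    return {"keywords": hits, "risky_attachments": risky,
            "has_link": has_link, "review": score >= 3}

def sample(subject: str, body: str, attachment: str = "") -> str:
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("URGENT: payment request", "See the attached invoice.", "invoice.pdf")))
    print(triage(sample("Lunch on Friday?", "Are you free at noon?")))
```

A single keyword or link does not cross the threshold on its own, which keeps ordinary mail that happens to say "payment" out of the review pile.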
By following the suggestions and recommendations listed above, you’ll have a good chance of not becoming a cybercriminal’s next victim.