Unfortunately, cybercriminals are also targeting victims based on opportunity. For example, during tax season, spam is being sent out under the guise of the IRS.
Some of the most popular phishing lures and targets include:
- Fake invoices continue to be the most common form of malicious email.
- Attachments in the form of scanned documents are another common lure (as happened with the large Dridex banking trojan in 2017).
- Apple IDs are the most targeted, followed by Microsoft Outlook, Google Drive, and PayPal credentials, in that order.
- Although less commonly targeted, phishing email campaigns targeting Dropbox credentials tend to be the most successful in terms of click rate.
When it comes to phishing, knowledge is power. After all, if you’re able to spot a potential phishing campaign before taking any action, you can proactively protect your identity and information. Moving forward, please be mindful of the following preventative measures.
1. Don’t click on any suspicious links
If you’re sent a link via an email or instant message, think twice before clicking. If an email appears to come from a legitimate company, pay attention to how it addresses you. Most often, phishing emails will address the end-user in a generic fashion (e.g. “Dear customer”).
In this case, you can check two things. First, hover over the link to confirm that the address it actually points to belongs to a legitimate source. Second, check the sender’s email address and make sure everything looks right.
If you’re still in doubt, contact the company (or person) in question to verify.
2. Don’t download any attachments (unless you know where they come from)
If at any time you receive an email from an unknown sender, do NOT open any attachments — even if it appears to be important. As your first line of defense, be sure to deploy a spam filter that can detect viruses, suspicious senders, etc.
3. Be mindful of grammar
One of the best ways to spot a common phishing email is to look for poor spelling and grammar. Sometimes these mistakes are made on purpose, to see whether the end-user notices them, which gives hackers greater insight. You should also look for emails that are vague or unusual (including the use of strange links).
4. Don’t assume an email is legitimate because it is listed as “urgent”
Many phishing scams will include the subject, “Urgent Notice.” This is a tactic to take advantage of high-stress situations. By invoking a sense of urgency or fear, hackers are often successful. To combat this tactic, take your time, remain suspicious, and never send out sensitive information in a rush.
5. Increase security
There are a number of options available in terms of fully managed network security services. This is particularly important for business owners who need to protect critical data. You can find out more info on this process here.
Don’t fall victim to a phishing attack — start by implementing the suggestions above and never stop learning about the most recent trends. Also, be sure to check out all of our in-depth resources to protect your data and information today!