Are you aware of phishing risks?
All around the world, people are talking about cybersecurity and the many losses experienced by companies and individuals. In the past few years, the number of attacks increased by 250% over the course of 2018. As a result, companies have started to invest heavily to protect their data from cybercriminals, but security remains a significant challenge. Despite all of the money invested in security protection, the most widely used vector for cybercrime is phishing.
Phishing is a common cybercrime in which criminals lure people into divulging sensitive information including credit card details, passwords to all your sacred accounts and Social Security numbers. All this can be attained by fooling you into clicking something that looks like an email from your bank, boss or friend. According to the latest Verizon report (2018 Data Breach Investigations Report), 90% of breaches start with a phish. This is a huge problem and it is essential for everyone to know how to avoid being phished.
I’ve recently read an article about phishing, and thought it gave a great explanation of phishing and simple tips on what to look out for so you do not become a victim. Have you ever seen an illusionist or a magician performing? Well, they are not doing any magic there; they are only distracting us. They are playing with our attention. The same thing happens with phishing emails. We believe that the email is authentic because it includes a logo from a legitimate company or the name of an individual that we are familiar with, and we do not process the details that could indicate potential fraud.
My advice here? Pay attention to details. Increase your phishing awareness. Interrogate every email. See the tips below for when you receive emails:
- Know the Name: emails from unknown individuals should raise some concerns. No legitimate company will request personal information via email.
- Know the REAL Email Address: double check each address. In many cases, cybercriminals will use the same email address format as the company they are using as a hook, but if you click on the sender name, the real email address will be uncovered, and it may be different from the company you were expecting.
- Attachments: it is well known that the most effective phishing initiatives are disguised as documents attached to an email, so do not click or download unless the situation makes sense and you have validated the sender.
- Hyperlinks: the best method to check a link without opening it is to move the cursor over it and see the actual destination. Cybercriminals hide malicious code in hyperlinks, so one errant click could lead to many issues.
- Grammar and spelling: when all of the above details are validated, also check the grammar of the text. No legitimate company will release an email full of errors!
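The sender-address and hyperlink checks above can also be done automatically on a saved message. The following is an added example, not taken from the article mentioned above; the sample email is constructed, and the function and class names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank support@example.com" <billing@example.net>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.example.net/verify">https://www.example.com/login</a></p>
<p><a href="https://www.example.com/help">Help centre</a></p>
"""

def sender_mismatch(from_header):
    """Return (shown_domain, real_domain) when the display name shows an
    address on a different domain than the real sender address, else None."""
    display, addr = parseaddr(from_header)
    real = addr.rpartition("@")[2].lower()
    m = re.search(r"[\w.+-]+@([\w.-]+\.\w+)", display)
    if m and m.group(1).lower() != real:
        return m.group(1).lower(), real
    return None

class LinkAudit(HTMLParser):
    """Collect links whose visible text is a URL on a different host than href.
    Assumption: exact host comparison, so related subdomains are flagged too."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = urlparse(self.text.strip()).hostname   # what the reader sees
            actual = urlparse(self.href).hostname          # where the click goes
            if shown and actual and shown != actual:
                self.findings.append((shown, actual))
            self.href = None

def audit(raw):
    msg = message_from_string(raw)
    links = LinkAudit()
    links.feed(msg.get_payload())
    return {"sender": sender_mismatch(msg["From"]), "links": links.findings}
```

A link whose visible text is plain words ("Help centre") is not flagged by this check, so hovering over it is still needed.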
If any of these raise a flag in your email, you should report the problem. If you received a phishing email or you suspect that it could be malicious, ask the IT department to have a look and review it. If you receive these emails on your personal email address, report the email to the emailing platform (e.g. Gmail or Yahoo).
Despite phishing being one of the oldest methods of cybercrime, its effectiveness and popularity are increasing. Experts predict that we are not even close to ending this type of cybercrime. As automation and technologies have advanced, phishing has become extremely sophisticated, and without regular awareness programs, we won’t be able to limit these attacks.