Phishing – The Digital-Age Confidence Scam

Trust me, just give me your details, so that I can help you!!…..(Anonymous)

Phishing is an online scam in which malicious individuals send alluring emails or messages to another individual to collect sensitive information, which the malicious individual then uses for financial gain.

Phishing attacks can lead to-

  • Direct loss of money – where online banking details have been compromised.
  • Loss of user data – which can lead to identity theft.
  • Loss of Intellectual Property – leading to financial as well as strategic loss to individuals and organisations.
  • Loss of Private Information such as passwords – creating the potential for significant loss.

Key reasons that phishing attacks are becoming more and more successful-

  • Lack of security awareness among individuals – e.g., opening emails / clicking on links with compelling / enticing subjects
  • Lack of adoption of strong security measures by individuals – e.g., sharing personal details on social media without thinking about the consequences.
  • Emails from a cybercriminal posing as a senior executive.
  • Errors brought on by the high volume of emails at typically busy periods (e.g., end of month).
  • Sophisticated Cybercriminals with access to funds and technology, constantly improving their attacks to fool even aware and normally careful individuals.

Some basic tips on spotting a potential phishing email – (before you click)

  • Pay special attention to emails with a generic greeting.
  • Treat any email that invites you to click on a link with suspicion in the first instance.
  • Check whether the “from” email address is invalid or has typos (look for minor errors).
  • Check for errors in the emails.
  • Question yourself – would this person normally ask for this?
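
The checks in the list above that lend themselves to automation (generic greeting, a link in the body, a “from” address that is invalid or a near-miss of a familiar domain), shown as an added Python example that is not part of the original article. The trusted-domain list, the greeting patterns, the finding labels and the sample message are constructed assumptions, and the message is assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the recipient really deals with (constructed list).
KNOWN_DOMAINS = {"mybank.example", "corp.example"}
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M)
LINK = re.compile(r"https?://[^\s\"'>]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return the warning signs found in one raw email, before anyone clicks."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        findings.append("from-address-invalid")
    elif domain not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            if edit_distance(domain, known) <= 2:  # one or two typos away
                findings.append(f"from-domain-lookalike:{known}")
    if GENERIC_GREETING.search(body):
        findings.append("generic-greeting")
    if LINK.search(body):
        findings.append("contains-link")
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = """From: "My Bank" <support@mybamk.example>
To: sam@corp.example
Subject: Urgent: verify your account

Dear Customer,

Your account will be suspended. Verify now: http://mybamk.example/verify
"""
```

A non-empty result from `triage(SAMPLE)` is a prompt to stop and apply the last tip in the list, not a verdict that the message is malicious.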

Other good habits to protect yourself-

  1. Use multi-factor authentication (MFA) or 2FA if possible.
  2. Back up your data on a regular basis.
  3. Try using the DMARC protocol to authenticate emails.
  4. If you have clicked on a malicious link:
    1. Notify the organisation with whom you have the impacted account or whose information may be impacted.
    2. Change your account details and passwords.
