Phishing scams are still one of the most serious threats to companies. Reports on the latest phishing scams show that their methods are evolving at an alarming rate. Despite phishing protection, criminals send deceptive emails impersonating a trusted source and trick victims into giving out their personal information. Instead of hunting tuna or salmon, they victimize people and steal their personal data, including passwords, bank account details, and other sensitive information.
The attacks aren’t just increasing; criminals are now also using artificial intelligence and more to target business giants. Approximately 30% of phishing emails are opened because of the lack of email phishing protection. Nearly anyone can now create a complicated and undetectable phishing email.
What is Phishing?
Phishing is the fraudulent act of sending out emails by cybercriminals in order to get their hands on your personal data. A phishing attack can happen through emails that look legitimate. These emails will encourage you to click on a certain link or download a certain file. Email is the most important means of contact everywhere and it isn’t going away any time soon. Apart from email phishing, Google Docs phishing and Google Chrome phishing scams are also being reported. Given the current scenario, it is prudent to understand what phishing is and what security measures can be taken to avoid it.
How Phishing has Evolved
In order to avoid being a victim of phishing scams, you need to understand the latest tricks hackers use to collect your sensitive information. Phishing attacks in the past were poorly constructed and depended on luck to hit as many people as possible. Nowadays, however, attacks are more sophisticated and smartly designed to avoid detection.
1. Targeting Individual Businesses
Hackers can now hand-pick their targets to ensure that they trap a potential victim. According to the FBI, Business Email Compromise (BEC) attacks have resulted in more than $5.3 billion in losses since 2015. In such attacks, the fraudster impersonates a company executive and asks an employee for information via a fraudulent email. They might trick people into filling in a form for a vendor, filling in a fake contract, or visiting a spoofed website and creating an account on it. Hackers have also been reported asking victims to fill in a fake tax form.
2. Unrecognizable to Signature-based Security Software
Phishing attacks nowadays are designed to bypass signature-based security, making it even harder for technology to detect malware. According to the Webroot 2016 Threat Brief, 97% of polymorphic malware attacks have become unique to a specific endpoint device.
3. Better Spoofing Websites
Criminals are creating more sophisticated phishing sites in order to make them much harder to identify. An article by HelpNetSecurity revealed that, in order to remain undetected, some of these sites have lifespans as short as an hour, and they mimic trusted sources such as Google, Chase, Facebook, PayPal, Apple, and Dropbox.
4. Optimizing Attacks by AI and Machine Learning
Hackers are now using machine learning to better identify target patterns in order to get past security. Steve Grobman, chief technology officer at McAfee, told CSO Online that while these technologies will be cornerstones of tomorrow’s cyber efforts, “adversaries are working just as furiously to implement and innovate around them”. Artificial intelligence can help detect vulnerabilities, create malware that can evade detection, and automate attacks.
What Can Be Done to Avoid Phishing
Now that we understand the problem and how much of a threat it can be, it is time to discuss whether anything can be done about it.
As end users, there’s not much that we can do. The emails can be deceptive and can look almost like authentic ones. Still, we can save ourselves from all the trouble by taking a few security measures and checking the authenticity of a source before giving out any personal details. The major strategies require you to enable phishing and malware protection and Firefox protection by downloading phishing protection software. Here are some tips that can come in handy to save you from a data breach.
• Never click on suspicious links directly:
Isn’t it obvious that we should avoid clicking on any suspicious links? Instead, we can open a new tab or window and type the address manually to ensure that we are not taken to a spoofed website. Criminals can be expert at evading security detection and creating websites that look almost like the original.
• Ensure connection security:
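Even if you have clicked on a link, make sure that the connection is secure before giving away any personal details. Look for the “https” prefix before the site URL to make sure that it is a secure connection. If there is no “s” in the URL, you need to worry. Keep in mind that “https” only shows that the connection is encrypted; phishing sites can use it too, so it does not by itself prove that the site is genuine.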
• Beware of suspicious email attachments:
You are unlikely to receive an attachment from a legitimate organization unless it’s a document that you asked for. If you see any email in your inbox that looks suspicious in any way, never hit the download button, as the attachment could be malware.
• Beware of emails which ask you to respond immediately
Phishing emails often urge you to act immediately. They say that your account is about to be frozen or put on hold, or that there has been unusual activity requiring your immediate attention. Of course, you can receive a legitimate email like this, but to be safe don’t click on the link right away. Instead, log into the account in question and view your account status.
• Match Hyperlinked URLs with stated URLs
The hypertext link in a malicious email may include the name of an authentic source. But when you move your cursor over it, you might notice that the actual URL shown in the pop-up is different from the one displayed in the message. Similarly, you can hover over the address in the “from” field and check whether its domain matches the domain of the organization the email was supposed to be sent from.
• Look for improper spelling or grammar
This is one of the most common signs that an email isn’t authentic. Sometimes it can be easy to spot a mistake, for example, ‘Dear eBay Costomer’ instead of ‘Dear eBay Customer’.
However, other mistakes can be hard to spot. Make sure that you look at the email carefully and pay attention to details. For instance, the subject of an email might state “Health coverage for the unemployed”. The word unemployed isn’t hard to spell. So when in doubt, double-check the email and look for the details.
Do Not be a Victim
Training your employees to spot phishing emails or any other cyber threat is always a good investment. However, stopping these attacks from harming you is crucial. After all, the groups behind such scams are highly organized, smart, and technologically advanced. Shouldn’t your defenses be just as good and advanced as theirs?