Every day, innocent victims fall prey to phishing scams. Whether this occurs via email, social media, texts or phone calls, cybercriminals love to reap the benefits of phishing attacks.
Recently, over 10,000 Microsoft email users were targeted by a phishing scam in which hackers posed as FedEx and DHL Express in order to obtain sensitive information from innocent victims. These hackers were able to mask their true identity through email titles, content and sender names. The emails contained worrisome text implying that these companies needed more information or documentation in order to complete a delivery. Some of the emails even suggested that documents had been delivered to the user, with links that led to a phishing page that mirrored a Microsoft login page. An unsuspecting email user had no reason to believe these messages weren’t actually from FedEx or DHL Express.
Not only did this pose a threat to personal emails, but it was especially risky for work email accounts. If a hacker was able to obtain a work email password, this could lead them to sensitive company data.
While it’s hard to keep phishing attacks from happening, it’s crucial to be informed on how to avoid these particular scams and know when to send these messages to the trash. Without education on phishing, it’s impossible to know what to look out for.
What is phishing?
Phishing is a very common cyber scam for hackers. It involves cybercriminals getting in contact with victims through any mode of communication and disguising themselves as an authorized company, institution or person. If the hacker is able to lure the individual, they might be able to persuade that person into sharing information including personal data, banking information, passwords and more.
Oftentimes, the hacker can gain access to information by offering limited-time, eye-catching deals or even posing as a helpless individual needing urgent support. By tapping into the users’ emotions, the criminals are able to distract the victims from any sense of skepticism.
While most internet users have encountered some form of phishing, from spam emails to being catfished on social media, this has only been an acknowledged crime since the mid-2000s. According to phishing.org, the first lawsuit involving phishing was filed in 2004. In this case, a California teen imitated a popular website titled “America Online.” Through this fake website, he was able to gain sensitive information, including credit/debit card details. According to WIRED, in 2019, the FBI’s Internet Crime Complaint Center estimated $58 million worth of losses from phishing victims.
Luckily, internet users today are much more knowledgeable about internet safety in regards to sharing personal information. However, phishing attacks still occur on a daily basis. The best way to shield your information is knowing what to look out for, and the biggest mistake companies make is failing to educate employees on their duty to keep sensitive data secure. Read more for tips on how to recognize a phishing scam when presented with one.
- Offer Looks Too Good To Be True
Similar to the FedEx and DHL identity theft on Microsoft email accounts, phishing scammers love to disguise themselves as a well-known business. If you receive an attention-grabbing offer, it’s important to read into it before jumping in.
Most people have encountered obvious phishing scams in their lifetimes, such as free iPhone, gift cards or lottery offers. However, sometimes the scam is a little more believable, including fake job recruiters, honor society proposals, bank statements and so many more.
It can be strenuous to constantly distinguish between what’s real and what’s not. It’s important to always check the sender’s email address, and most importantly, the email domain. This will give a clear indication of who the email is actually coming from and whether it’s from an address you recognize. If you’re still unsure, paste the email address into Google or any other search engine. For a phone call or text message, plug in the number. Since phishing has become so common, many known scam numbers and emails have been tracked on the internet by peers to protect other potential victims.
- Link Quantity
The main goal of phishing scammers is to lead their victims to click a link. For starters, any email with multiple links should automatically be deemed suspicious. If an email is already giving you red flags, avoid clicking any accompanying links. Not only can the link lead to a website that requests personal information, but it can also infect your computer with viruses. Some hackers even have the ability to intrude on your computer data through a link before you even provide any information.
Sometimes URLs can’t be fully seen because they are hidden behind a hyperlink, but some phishing scammers will provide a full link to mimic a well-known website. Always read these links very carefully. A link may look like a familiar website but differ by one missing letter or a minor misspelling. Beware of spoofs and remain cautious when you’re provided with a link from an unfamiliar number or email address.
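As an added illustration of the sender-domain and link checks described above (not code from the original article), this Python sketch flags sender addresses and links whose domain is a near-miss of a trusted one. The trusted list, function names and sample message are assumptions constructed for the example; it also flags a trusted name used as a subdomain of an unrelated domain, which goes slightly beyond the misspelling case in the text.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains this mailbox legitimately hears from (constructed list).
TRUSTED = ("fedex.com", "dhl.com", "microsoft.com")

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'trusted', 'lookalike:<d>', 'brand-in-subdomain:<d>' or 'unknown'."""
    host = (host or "").lower().rstrip(".")
    # Simplification: registered domain = last two labels (no Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    if registered in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if edit_distance(registered, good) <= 2:  # missing, extra or swapped letters
            return "lookalike:" + good
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "brand-in-subdomain:" + good
    return "unknown"

def review_message(from_header, body):
    """Return (item, verdict) for the sender and each link that is not trusted."""
    display, address = parseaddr(from_header)
    verdict = classify_host(address.rpartition("@")[2])
    # A display name that names a trusted brand proves nothing about the address.
    if verdict == "unknown":
        for good in TRUSTED:
            if good.split(".")[0] in display.lower():
                verdict = "display-name-mismatch:" + good
    findings = [(address, verdict)]
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        findings.append((url, classify_host(urlsplit(url).hostname)))
    return [f for f in findings if f[1] != "trusted"]

# Constructed sample message, not taken from the campaign described above.
SAMPLE_FROM = "FedEx Delivery <notice@fedx.com>"
SAMPLE_BODY = ("Your documents are ready: https://microsoft.com.login-check.example/signin "
               "Tracking: https://www.fedex.com/track Help: http://mircosoft.com/help")
```

The two-letter threshold is a judgment call: it catches swapped letters but can misfire on very short domain names, so tune it against your own trusted list.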
The two main ways a phishing scam works are by luring individuals into clicking links or opening attachments. Receiving a message with strange or attention-grabbing attachments is an automatic sign of phishing. Such an attachment could contain viruses or ransomware. Do not open or download any suspicious attachments.
- Urgent Messages
If you feel a sense of panic after reading an email, text or direct message on social media, there’s a good chance it’s a phishing scam. Hackers want to create a sense of terror in their victims in hopes that they’ll fail to recognize the scam.
Urgent messages can be a strong sign that the received message is part of a phishing scam. Sometimes, hackers even go so far as to pose as a close friend or relative and request documents, information or money.
How to Avoid Phishing Scams
Luckily, there are plenty of ways to recognize a phishing scam. However, it’s also important to know that it’s possible to avoid receiving scam emails, texts, direct messages, etc. In order to keep yourself safe on the web, it’s recommended to follow these techniques:
- Install Protective Software
Your computer and your regular web browsers all can be equipped with anti-phishing software. For your browsers, such as Google Chrome, Safari or Firefox, it’s as easy as downloading a toolbar to regularly check the sites you’re visiting.
Another protective measure you can install is a firewall. A firewall can be a software or hardware installation that carefully analyzes network traffic and works to block data. It provides a barrier between you and any external sources you interact with. You can install desktop firewalls and network firewalls.
- Avoid Unfamiliar Sites
Any website can be jammed with viruses, malware or scams. Every person has sites they visit regularly and trust. When you decide to surf the web aimlessly, it’s easy to come across illicit sites.
According to phishing.org, one tip to stay safe on the internet is ensuring that every URL begins with “https”. Additionally, if your URL bar has the closed lock icon next to the link, this confirms that your web browser recognizes the website as safe.
If your browser alerts you that a website may contain malicious files, do not continue. This is how your sensitive data can get leaked to hackers and lead to a phishing scam.
- Check Up on Your Online Accounts Often
With social media, emails, online shopping, etc., most internet users have a wide variety of accounts online. It’s important to always keep track of these accounts and log into them often. If you leave an account untouched for a long period of time, there’s no way to know if a cybercriminal has gotten ahold of your information.
- Update Your Browsers
While most people mindlessly update their phone, computer or browsers, it’s important to know why this is so crucial. All popular browsers release updates multiple times a year in order to fix any possible bugs in the system. One of the possible bug fixes is a security patch. Security patches are created in response to loopholes in the code that cybercriminals may discover and use to their advantage. If your browsers aren’t updated with the latest software, phishers have a greater opportunity to mine your data.
MDL Is Here to Help
Unfortunately, phishing has become a regular part of everyday life for avid internet users. While most scam emails and messages are obvious phishing, in cases like the Microsoft email accounts and FedEx/DHL scammers, some messages can be very believable.
At MDL, it’s our job to train your employees on the best practices to keep data safe from potential hackers. We’re experts in providing a proactive approach to cybersecurity for your business. Since the majority of cyberattacks are a result of human error, it’s essential that your team knows the warning signs of a cyber threat. In addition, we can provide disaster recovery to give you peace of mind that your data is backed up externally. In case a cyber attack occurs, your data is safe and secure with MDL Technology.