Phishing is a social engineering technique that attackers use to gather your information by posing as a legitimate institution or a friend. Phishing scams aim to trick individuals into clicking a link, opening an attachment, or disclosing sensitive information such as personally identifiable information, banking and credit details, or passwords. Attackers will use email, instant messaging, social media, and even phone calls to target individuals. Phishing can happen at work and in your personal life.
Recent industry reports show that up to 94% of organizations are victims of phishing attacks [1] and that 22% to 36% of all data breaches involve phishing [2]. The FBI’s 2021 Internet Crime Report counted 323,972 victims of phishing attacks in 2021 [3].
How can you be aware of and protect yourself from phishing attacks? There are five common indicators of a phishing attack, including:
Though it most commonly takes the form of an email, phishing can happen in many ways. Below are scenarios showing a variety of phishing attacks. While fictitious, these stories emphasize real strategies and techniques used by attackers.
John didn’t recognize the phone number, but he answered the call anyway. The caller claimed to be a representative from his bank. The caller sounded professional and urgently needed to verify suspicious activity on John’s account. John quickly provided his information and was told the issue was taken care of. He went about his day, but later realized he had been the victim of a vishing attack.
Stephanie heard her phone ding and saw a text message that appeared to be from her mobile phone provider. The message warned of an overdue bill and threatened to cancel her service if she didn’t make an immediate payment. The message provided a link that took her to a payment page. She entered her card details, relieved to have resolved the problem. Later, she realized her card had been used fraudulently. She had been a victim of a smishing attack.
Jonathan was browsing a website and saw an ad offering a free product. All he had to do was pay for shipping and handling. Eager to take advantage of this limited-time offer, he followed the link to a website where he entered his information. The item didn’t arrive in the expected timeframe and when Jonathan tried to follow up, he couldn’t find any information on the company or the item he had purchased. He was a victim of baiting.
Julie saw a poster as she walked down the street. It advertised discounted tickets to an upcoming local concert that she’d been wanting to attend. She quickly scanned the QR code on the poster which directed her to a site to purchase the tickets. Since they were almost sold out, Julie purchased a ticket. When she couldn’t access the ticket later that day, she realized that she had been a victim of a quishing attack.
To make yourself less susceptible to phishing attacks and other forms of credential stealing, make sure you have multi-factor authentication (such as two-step verification) enabled on your accounts. Additionally, you can turn on security alerts that will notify you if your account is being used on a computer or device you’ve never logged into.
Phishing attacks are most common in emails, but they can occur on any account that has a messaging feature, including social media. No matter where you are logged in, be on the lookout for the common signs of phishing attacks!
If you suspect that you’ve fallen victim to a phishing attack, it’s important to act quickly to minimize potential consequences. First, change any passwords that may have been compromised. Ensure that the password is strong and unique. If you have not already done so, be sure to enable multi-factor or two-factor authentication (MFA/2FA) on your affected devices and accounts. You may want to check your computer or device for viruses or malware. If you provided any financial information, contact your bank or card issuer and alert them of the potential for fraud. Lastly, monitor your accounts for any unauthorized or suspicious activity.
The most important defense against phishing attacks is education and vigilance. Learning to recognize the common tactics used by attackers and remaining aware will help you avoid falling for these scams. Remember: always verify the authenticity of requests for personal information, be careful of unusual requests or offers that are too good to be true, and don’t give in to a perceived sense of urgency. You are the best shield to keep your information secure.
Vishing: https://www.terranovasecurity.com/blog/examples-vishing
Smishing: https://caniphish.com/what-is-smishing#Examples
Quishing: https://www.hbs.net/blog/quishing/