Phishing is the most prevalent cybercrime, according to the FBI’s 2020 Internet Crime Report. Today, 1 in 99 emails contains a phishing attack, and as many as 30% of these emails get through the default security settings. Overall, they contribute to 36% of breaches. Those statistics are certainly enough to get your attention.
Phishing emails are a widespread threat that’s causing a sizeable dent in data security. So, in this article, we’re going to address some of the most common questions you may have about them, including what phishing email fraud is, how you can become a victim, and what you can do to stay safe.
Phishing emails: an unassuming predator
A phishing email is a deceitful strategy typically used by criminals to extract personal information or commit financial fraud. These emails can be quite reassuring and are often part of a more elaborate scam.
Here are some examples of phishing email scams to illustrate them better:
- You receive an email from your bank informing you of a system upgrade. It asks you to log in to your online account using the email link and verify your details. You’re then taken to a spoof website that looks remarkably similar to the regular log-in interface of your bank. But it’s designed to collect your account credentials.
- An email from the IRS informs you of an overdue tax. You feel sure that you’ve paid your dues, but nevertheless, you click on the attached official notification to understand how you’ve made an error. By clicking download, you have just installed ransomware on your computer, which holds your device and data hostage until you make a Bitcoin transfer.
- There’s an email from a reputed charity seeking your assistance to support families hit hard by the pandemic-led economic downturn. You click on the email link and visit their website. Then you enter your credit card details to make a donation. But it’s a malicious site that looks identical to the original charity website, and it’s configured to collect your data and credit card information.
- You suddenly receive an email from a close friend. He’s traveling in Africa and has lost his wallet, credit cards, and cash. Now, he’s stranded overseas without any financial resources and urgently needs you to wire transfer some money to an account mentioned in the email. Desperate to help your friend, you immediately make the transfer. You later find that he’s safely at home, but his email account has been hacked.
- An email from a retailer you recently purchased from informs you of a product availability issue. Naturally, you’re entitled to a refund. You only need to provide bank account details so they can process your payment. By responding to the email, you’ve fallen victim to another phishing scam.
The convincing nature of phishing emails makes them a powerful weapon for cybercriminals. They have a higher success rate compared to most other data extraction techniques. And they are easier and less expensive to execute, too.
Guarding against phishing emails
So, how can you avoid the potential threats of a phishing email attack? Here are the essentials.
1. Set up two-factor authentication
A password cannot keep your data safe after you’ve handed it over to a cybercriminal during a phishing scam. This is where two-factor authentication (2FA) could help. For example, a phishing email will not be able to steal a one-time SMS verification code, even if you wanted to share it. These unique codes are generated at each log-in attempt and are typically valid for a short period.
So, even if you’re tricked into revealing your account username and password, it would be almost impossible for a criminal to access your account when there’s two-factor authentication. Besides, apart from one-time passcodes, you can safely use various other verification factors. These can range from fingerprints to face recognition technology. Of course, some are more secure than others. But overall, 2FA is a highly versatile option to ensure data safety.
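The server side of such a one-time code, as an added example that is not part of the original article: each log-in attempt gets a fresh code that is accepted once, only before it expires, and only within a small number of guesses. The class and function names, the 5-minute window and the three-guess limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300  # assumed validity window; the article only says "a short period"
MAX_ATTEMPTS = 3        # assumed limit on guesses per issued code


class OneTimeCodeStore:
    """In-memory store of pending codes, keyed by a login-attempt id."""

    def __init__(self):
        self._pending = {}  # attempt_id -> [code_hash, expires_at, attempts_left]

    def issue(self, attempt_id, now):
        """Create a fresh 6-digit code for this attempt. A real service would
        send it by SMS; it is returned here so the example can run offline."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[attempt_id] = [digest, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, attempt_id, submitted, now):
        """True only for the right code, before expiry, on first use."""
        entry = self._pending.get(attempt_id)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now >= expires_at or attempts_left <= 0:
            del self._pending[attempt_id]  # expired or guessed too often
            return False
        entry[2] -= 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self._pending[attempt_id]  # single use: a replay finds nothing
            return True
        return False


def demo():
    """Constructed scenario: valid use, replay of the same code, late use."""
    store = OneTimeCodeStore()
    code = store.issue("attempt-1", now=1000)
    first = store.verify("attempt-1", code, now=1060)
    replay = store.verify("attempt-1", code, now=1070)
    late_code = store.issue("attempt-2", now=2000)
    late = store.verify("attempt-2", late_code, now=2000 + CODE_TTL_SECONDS)
    return first, replay, late
```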
2. Authenticate email requests
Phishing emails are designed to deceive. Their success depends on it. So, cybercriminals go to great lengths to ensure they are convincing. They’ll often impersonate a reputed source, such as a government agency, well-known charity, reputed brand, or even a close friend or family member. As a result, it could be pretty difficult to distinguish a phishing email from a genuine one.
So, if you receive a request for personal information or money, you need to take note. Do not respond or act on it before authenticating the request. The easiest way to do this is by contacting the respective individual or organization via phone. But avoid calling phone numbers given in the email. Use a contact number that’s already saved on your phone instead.
3. Avoid email links and attachments
Email links and attachments are standard baits that come with phishing emails. They could take you to spoof websites or download ransomware or spyware onto devices. According to studies, more than 1 in 10 people who receive a phishing email click on a link or download an attachment. So, to protect yourself from phishing attacks, you need to avoid the temptation to click.
4. Report potential scams
If you suspect you’ve received a phishing email or have fallen victim to one, it’s important to report the incident. It will help relevant authorities to investigate and warn others before the attacks escalate. The Federal Trade Commission (FTC) advises that you forward the email to the Anti-Phishing Working Group and report the incident to the FTC on ReportFraud.ftc.gov.
Despite best efforts, putting an end to malicious phishing emails might be a futile venture, at least for now. Tracing them is not always easy, and blocking one scam will only lead to a new one. So, the best option for email users is to build awareness and take protective measures to ensure personal safety.