According to the IBM data breach report for 2022. Phishing accounted for the highest attack vector for cybercrime for stolen or compromised credentials.
A phishing attack is a socially engineered attack that will use human tendencies to trick you into giving up information you usually would not. In most cases, it uses emails, but this same type of attack also works with other types of messages (text, Messenger, WhatsApp, and others).
The email and message can appear very legitimate but can be an attempt to steal personal data.
Unfortunately, the odds are you have clicked on a phishing message at least once in your life and never knew about it. The message will look remarkably close to a trusted source. Perhaps you recently bought something on Amazon, and you get a message telling you that your package is delayed and to click here to confirm a new delivery day. The best phishing attacks use everyday situations where you clink on a link and input credentials, or you respond and provide some personal information, and you never know it was a phishing attempt. The point is, in many cases, it can be tough to tell.
Here are a few tips to help you combat phishing.
- The message content – are there any odd spelling mistakes or content information that seems off? In many cases, the issues will be subtle, a few spelling errors is all you need. If you get a message from Amazon, it will never have spelling issues – if you get an email from me…well, that may be a different story =)
- Where did the email come from? Just because it say’s it came from “Amazon” does not mean it came from Amazon. Ignore the name of the email sender, anyone can type anything they want. Is the email something like email@example.com? or firstname.lastname@example.orgemail@example.com. Both of these emails are fake and would be a sign that it is a phishing attack.
- Before clicking on any links, see where the link is taking you. On a PC, you can hover over it, and it will show you the link you are going to in the bottom left-hand corner. Does it look legitimate? Sometimes all that is needed is to visit a site, and they can upload some information to your computer. Depending on your browser settings or anti-virus on your computer, that may not happen.
A Free Phishing Test
These are just a few things to keep in mind. Also, Google has a great free phishing test you can take to see how good you are at detecting phishing attacks. I highly suggest you try it out; it takes about 10 minutes, and you will learn a lot about how to spot phishing attempts.
Google free phishing training test: https://phishingquiz.withgoogle.com/
As a rule, think before you click.
If you have any questions, please reach out to us.