In a report published by the Anti-Phishing Working Group (APWG), a significant increase in the number phishing attacks recorded recently. In fact, there were more phishing attacks witnessed in the first quarter of 2023 than any other quarter in any year on record previously.
This issue has grown to the extent that it presents a massive problem for groups of all shapes and sizes and due to this, and the importance of being able to spot these types of attacks has grown due to this.
Phishing is a method of identity theft that involves hackers attempting to trick users into sharing personal and sensitive data unwittingly. They are the main consequence of a data breach and typically happen not long after one occurs. More and more they are being used as follow-ups to an initial attack to try and infiltrate the group/organization further and obtain more valuable data.
In order to avoid being a victim of a phishing attack you should carefully consider the following five points:
1. Use Common Sense
If you remain calm and carefully react to anything you are sent then there is less chance of you, or your group, losing a lot of hard-earned money to cybercriminals.
Never visit links that are included in an email unless you are 100% certain that they are real. Also, be extremely cautious of emails requesting confidential information – especially if it asks for personal details or banking data.
2. Beware of Shortened URLs
Be extra careful when it comes to shortened URLs. These are one of the main ploys used by cybercriminals in order to fool a web user to visit a site that is rife with malware and tracking bots that will be used to steal your private personal information and use it for ill means.
In order to spot this, it is wise to move your mouse so that it floats over a hyperlink so you can see what the website really is.
3. If you have any concerns that the email may not be genuine, then have a second look at it
Most phishing emails are easy to spot as they will contain numerous typos and other grammatical mistakes. If this is the case then it is likely that the email will have been sent by spammers in a bid to steal your information.
4. Urgent Deadlines & Pleas are a Giveaway
In most cases, a genuine or reputable company will not ask you to complete something within a specific deadline. There are exceptions to this like if a group-wide breach takes place and passwords need to be changed manually. However, more often than not, a plea like this will be a clear indication that you have received a phishing email.
5. Make sure that you are using HTTPs to browse
Use a secure website at all times if you can. You will see this by the ‘https://’ or a security “lock” icon in the browser’s address bar.