Elevate your online security from the outset with crucial phishing awareness tips. In a digital landscape flooded with new phishing scams, staying abreast of evolving tactics is key. Explore how to identify and thwart these threats to fortify your defenses against cyber-attacks.
It seems that daily, certainly weekly, new phishing scams are launched on the Internet. From a security awareness perspective, it is important to keep up-to-date on recent methods.
Identifying Phishing Tactics
While you need not be aware of every scam, periodically reviewing new scams can help you to maintain awareness and develop that “sixth sense” that allows you to detect any such attack.
The website security.uchicago.edu/phishing/latest is an excellent starting point; it catalogs scams seen against the University of Chicago network and its users, and the list is updated regularly. For example, at the time of writing, nine example scams are listed so far in 2022. One of them is the January 6, 2022 report of the “Help desk” email scam (https://security.uchicago.edu/2022/01/07/email-scam-jan-6-2022-help-desk/). The scam works like this:
- The attacker sends an email stating that “There are some technical errors that have affected our servers because of undelivered emails from your account, therefore you are advised to confirm your account immediately or it will be suspended. -Help Desk”
- The email also includes the link to use for confirmation, which does not point to the university’s internal systems at all.
- The victim clicks the link and provides their email address and password.
- They are then notified that their confirmation was successful.
What the victim does not realize is that the site was fraudulent and their email address and password have just been harvested by an attacker. As you can see, the lure works by appealing to authority (the Help Desk) and to future pain (if you don’t confirm, your account will be suspended). That combination will draw in many unaware users.
Phishing Prevention Strategies
In our CyberSecure curriculum, we teach three habits: validate links (do not click links that lead to unknown or unrecognized sites), verify requested actions (call the Help Desk directly and ask whether the email is genuine), and never believe any party who asks you to provide your password, whether in conversation, on the phone, by email, on social media, or in a web form.
In this case, the legitimate Help Desk would never use an odd web form like this to confirm a username and password; doing so is simply not technically necessary in any scenario. Other such scams may claim that you need to “free some storage space” or “delete old emails” to get you to log on to their page and, in doing so, hand over your email address and password.
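The two checks above, validating where a link really goes and recognizing the authority-plus-deadline wording of the “Help Desk” lure, can be automated for a first-pass triage of a suspect message. The script below is an added example written for this page; it is not code from the original article or from the University of Chicago security team. It assumes, hypothetically, that the organization’s only legitimate domain is uchicago.edu, and both sample messages are constructed here to mirror the scam pattern described above and a legitimate notice.

```python
# Added example (not from the original article or uchicago's tooling):
# triage the links and lures in a suspect email before anyone clicks.
# Assumptions (hypothetical): the organization's legitimate hosts live under
# uchicago.edu, and both sample messages below are constructed for this demo.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("uchicago.edu",)  # assumption: the org's own domain(s)

# Lure phrases taken from the "Help Desk" scam: authority plus future pain.
URGENCY_PHRASES = (
    "technical errors",
    "confirm your account immediately",
    "will be suspended",
)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def is_trusted_host(host):
    """True only for the org's domain or a subdomain of it, never a look-alike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def extract_links(body_html):
    parser = _LinkCollector()
    parser.feed(body_html)
    return parser.links


def triage_email(raw_message):
    """Return {'verdict': ..., 'findings': [...]} for one single-part message."""
    msg = message_from_string(raw_message)
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset, errors="replace")
    findings = []

    # 1. Does the sender's address match the authority it claims to be?
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted_host(sender_domain):
        findings.append(f"sender {name!r} uses untrusted domain {sender_domain!r}")

    # 2. Where do the links really go, and does the visible text agree?
    for href, text in extract_links(body):
        host = urlparse(href).hostname or ""
        if not is_trusted_host(host):
            findings.append(f"link points to untrusted host {host!r}")
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown.lower() != host.lower():
            findings.append(f"link text shows {shown!r} but href goes to {host!r}")

    # 3. Authority-plus-deadline wording, matched with whitespace collapsed.
    flat = " ".join(body.split()).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in flat:
            findings.append(f"urgency lure: {phrase!r}")

    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


# Constructed sample: the shape of the Jan 6, 2022 "Help Desk" lure.
SCAM_EMAIL = """\
From: Help Desk <helpdesk@mail-verify-example.com>
To: student@uchicago.edu
Subject: Account confirmation required
Content-Type: text/html; charset="utf-8"

<p>There are some technical errors that have affected our servers because of
undelivered emails from your account, therefore you are advised to confirm
your account immediately or it will be suspended.</p>
<p><a href="http://account-verify-example.net/login">https://security.uchicago.edu/confirm</a></p>
<p>-Help Desk</p>
"""

# Constructed sample: an internal notice that links only to the org's own site.
LEGIT_EMAIL = """\
From: IT Security <security@uchicago.edu>
To: student@uchicago.edu
Subject: Recent phishing reports
Content-Type: text/html; charset="utf-8"

<p>Recent scams reported on campus are listed at
<a href="https://security.uchicago.edu/phishing/latest">security.uchicago.edu/phishing/latest</a>.
We will never ask for your password by email or web form.</p>
"""

if __name__ == "__main__":
    for label, raw in (("scam", SCAM_EMAIL), ("legit", LEGIT_EMAIL)):
        result = triage_email(raw)
        print(label, result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

The host check deliberately accepts only uchicago.edu and its subdomains, so look-alikes such as uchicago.edu.example.net or notuchicago.edu are rejected; that is the same test a user should apply by eye before clicking. The script is a triage aid for the mailbox owner or help desk, not a substitute for the phone call that verifies the request.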
Statistics and Business Impact
According to mimecast.com, 47% of successful phishing attacks result in account compromise and 49% result in malware infection. Additionally, they report that 96% of businesses face phishing attacks.
Interestingly, according to an Osterman Research white paper from March 2021 (How to Reduce the Risk of Phishing and Ransomware, Osterman Research, March 2021), half of organizations believe they are effective at countering phishing attacks; however, 53% stated that a business email compromise attack had succeeded against them, 49% that a phishing message had resulted in a malware infection, and 47% that a phishing message had resulted in an account compromise. These groups cannot fully overlap: 85% of the companies in the report stated that at least one of 17 types of attack (in the phishing and ransomware categories) had succeeded against them. So even though half of the organizations believe they are effective, many of those same organizations have been breached.
Successful prevention of phishing attacks comes down to user education and continued awareness (see the University of Chicago scam report and the Osterman Research paper cited above). We’ve all heard the phrase “let your guard down.” That is exactly what happens when continued awareness efforts lapse. Company newsletters, email notifications of recent scams, a portal web page listing recent scam attempts, and other measures, such as requiring ongoing user education, keep the reality front and center that everyone on the Internet is under continual threat of phishing attacks. We don’t have to fall victim to them if we maintain awareness.