Gone Phishin’?

May 18, 2022 electricoak

Phishing is arguably the most dangerous form of attempted cyberfraud. It’s pervasive, and it’s too often successful in deceiving consumers and small businesses.

The last three years have seen the biggest spike in phishing attempts ever recorded. The rise in phishing scams doesn’t appear to be slowing, either. The COVID-19 pandemic and the supply chain uncertainty have opened new doors for scam artists to confuse people, and they’ve taken advantage of every opportunity.

To counter the rising trend in phishing, let’s look at its definition, how often it hits businesses, and how to combat it.

What is phishing?

Phishing, a play on the word “fishing” (as in “fishing for information”), is a cyberscam that targets people through email (usually) or phone or text, posing as a legitimate institution to try to gain sensitive information. The information these criminals are after includes passwords and login credentials, as well as banking and credit card details.

The criminals then use the information to commit identity theft, leaving consumers and businesses at enormous financial loss.

Why is phishing on the rise?

According to the FBI Internet Crime Complaint Center (IC3), phishing attempts are the type of cyberattack reported more often than any other.

And according to a recent study by cloud technology company Zscaler, there was a 29% growth in overall phishing attempts in 2021. In 2020, that number rose 60% from the previous year.

All in all, the number of phishing attempts has almost doubled from just two years ago. These are just some of the reasons why phishing scams are on the rise:

  • Supply chain uncertainty leaves room for criminals to send “updates” about delayed orders or require payment for supposed shipping requirements
  • The pandemic riddled households and businesses with new paperwork requirements, from proof of vaccination to paperwork for government stimulus checks, all of which opened new doors for scammers to pose as part of those processes
  • New phishing-as-a-service companies are providing “ready-made” phishing packages that enable even unsophisticated actors to launch successful attacks
  • Precarious financial situations with rising inflation, loss of jobs, and widespread pandemic-related death have left consumers and businesses in sometimes desperate situations, making them more susceptible to attacks

How to Recognize Phishing Attempts

Here are some of the most common words you’ll see in subject lines of phishing attempts. When these messages supposedly come from known businesses like Amazon, or even from government agencies, these words will not appear in legitimate subject lines from the real institutions.

Any one of these should be an instant flag:

  1. Urgent
  2. Request
  3. Important
  4. Payment
  5. Attention

Some of these “flag words” might surprise you, but legitimate institutions will not ask for payment information or make “requests” by email. A legitimate message about sensitive information will instead prompt you to review information or take action available only from inside the secure platform where you manage your account.
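The check described above, as an added example that is not part of the original article: a Python triage function that looks for the five flag words in a message's Subject line and tests whether a sender claiming a known brand really uses that brand's domain. The brand-to-domain table, the function names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# The five subject-line flag words listed in the article.
FLAG_WORDS = ("urgent", "request", "important", "payment", "attention")
# Assumption: brands your staff receive mail from, mapped to their real domains.
KNOWN_BRANDS = {"amazon": ("amazon.com",)}

def _decode(value):
    # Decode RFC 2047 encoded-words so an encoded header cannot hide a flag word.
    return str(make_header(decode_header(value or "")))

def triage(raw_message):
    """Return (flag words in Subject, brand the sender claims without owning)."""
    msg = message_from_string(raw_message)
    words = set(re.findall(r"[a-z]+", _decode(msg.get("Subject")).lower()))
    hits = [w for w in FLAG_WORDS if w in words]

    display, address = parseaddr(msg.get("From", ""))
    display = _decode(display).lower()
    domain = address.rpartition("@")[2].lower()
    spoofed = None
    for brand, domains in KNOWN_BRANDS.items():
        claims = brand in display or brand in domain
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if claims and not genuine:
            spoofed = brand
    return hits, spoofed

# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": 'From: "Amazon Billing" <billing@amazon-orders.example>\n'
                 "Subject: URGENT: payment request\n\nbody",
    "encoded": "From: notices@mail.example\n"
               "Subject: =?utf-8?b?SW1wb3J0YW50IG5vdGljZQ==?=\n\nbody",
    "genuine": "From: Amazon <no-reply@amazon.com>\n"
               "Subject: Your order has shipped\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

Subdomains of a listed domain count as genuine, while a lookalike such as amazon-orders.example does not.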

Phishing has always been one of the most widespread cybercrimes. The same Zscaler study mentioned earlier estimates that, at 84% of businesses, at least one employee opens and interacts with a phishing attempt every year.

Protect your business with training and knowledge. Share this article and train staff to recognize phishing attempts starting today, and call our team for help with phishing and your IT strategy.