Phishing attacks are rapidly growing and evolving. A cybercriminal is only an email away from accessing your network, device and most valuable data. Phishing emails can get around many of the security defenses companies employ and cause a lot of damage to data. More than 90% of cyber-attacks start with phishing emails.
Cybercriminals employ social engineering tactics to lure targets
Over the years, cybercriminals have become more sophisticated. To ensure you click on the phishing email, they use the latest social engineering techniques:
- Impersonate trusted brands
- Impersonate people in your emails
- Create spoofed sites
- Personalize attacks with private details about the target
Phishing emails have advanced so much that telling them apart from normal communication is becoming increasingly difficult. They can now even arrive in the following forms:
- Online purchases
- Failed delivery notification
- Job applications
- Legal notices
- Security updates that instill fear and create urgency to click them.
Google, one of the largest tech giants, was on the receiving end when a phishing scheme targeted its more than 1 billion Gmail users. The phishing emails closely resembled actual emails from Google and were made to appear as though they were sent by trusted users in an individual's contacts.
The recipient was asked to open a Google Docs file that redirected to Google's management page requesting permission for a fake application. If the permission was granted, attackers would send phishing emails to the contact list and spread the attack to many users.
With phishing targeting and attacking even top tech companies, individuals are equally at great risk.
How to avoid phishing attacks?
- Be extra vigilant with all electronic communication, especially email: Always examine the source of unexpected, unsolicited, and suspicious communication (for example, emails requesting financial transactions). Be on the lookout for spoofed senders, poorly crafted messages, and messages about activities such as job applications, shipment notifications, and orders. Cross-check the sender before opening the email.
- Always double-check the links: Never hastily click links that arrive in emails, site notifications, and messages. Always treat links with doubt, hovering over them to check the source. To countercheck manually, type the URL on the search page.
- Do some research on every suspicious communication: If in doubt about a message in your inbox, do a quick online search, and you will easily tell whether it is a scam. Make sure to notify colleagues, the IT department, and even regional administration.
- Secure the internet connection with a VPN: When you install a VPN, it encrypts all internet connections to keep all contacts and information from attackers. In fact, a VPN will even help to protect your Wi-Fi from intruders.
- Use multi-factor authentication: Using two forms of authentication, such as a security question and a password, before accessing sensitive accounts is critical. Even if the attacker cracks your password, he will not get past the second authentication stage. Where possible, consider authentication that requires personal biometrics, which are very hard for attackers to get.
- Look for typos: It is very unlikely that a reputable company will send an email laden with typos. Because most phishing emails are known for typos, always check carefully to weed out the dangerous ones.