Phishing scams have been rising at an alarming rate, and every year a large number of people and organizations incur huge losses due to such scams. Phishing is one of the most popular methods of data breach, accounting for 90% of global data breach instances. Other stats are equally alarming:
- In 2019, phishing attempts recorded a growth of 65%
- 5 million new phishing sites are built each month
- 76 out of every 100 businesses fell victim to phishing during 2019
- The opening rate of phishing mail is 30%
- BEC (Business Email Compromise) scams that specifically target government, commercial, and nonprofit organizations resulted in a total loss of $12 billion in 2019
- According to IBM, the average financial cost of a data breach is as high as $3.86 million
All the above-mentioned stats are rather alarming. Besides, artificial intelligence has made it even easier for scammers to carry out phishing attacks more efficiently. Our objective is not to induce fear in readers' minds but to acquaint them with the ground reality and help them take proactive preventive measures. By following some guidelines and using specific techniques you can easily protect yourself from phishing attacks. In this article, we are going to discuss some common phishing scams and the preventive measures to avoid loss.
An email phishing scam refers to instances where you receive emails that are seemingly sent by your acquaintances, friends, or colleagues. In reality, it is a trick played by malicious actors to prompt you to open the mail, read the content, and take specific actions like clicking a link, downloading a file, or filling in an in-mail form. In this way, they can collect your sensitive information and misuse it for their own ends.
A link to a forged website cleverly architected to resemble a legitimate business
Seemingly legal and logical content prompting you to submit or mail your sensitive information, especially information that can be used for financial purposes like money transfers, withdrawals, and banking transactions
- Make it a habit not to click any link straight from the mail but copy-paste the link in your address bar to open it
- When downloading a file, scan it thoroughly and either open it through Google Drive or save it directly to cloud storage instead of saving it on your system
- As far as possible avoid opening such emails when you are very much occupied with the work or in the middle of a hectic schedule as you are more likely to act hastily and with less caution during such instances
- Create an auto alert function in your mail to monitor such phishing emails and warn you before you open them. It will reduce the possibilities of human error by working consistently and accurately
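One way such an automatic alert could work, shown as an added example that is not part of the original article: it parses a raw message and warns when the visible text of a link names one site while the link opens another, the forged-link trick described above. The sample message, its domains, and the names `phishing_warnings`, `host` and `LinkCollector` are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Content-Type: text/html; charset="utf-8"

<p><a href="https://login.examp1e-bank.test/verify">https://www.example-bank.test/verify</a>
or read our <a href="https://www.example-bank.test/help">help page</a>.</p>
"""
# A domain name, optionally with a scheme, as it might appear in link text.
DOMAIN = re.compile(r"(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text)))
            self.href = None

def host(url):
    """Hostname of a URL or bare domain, without a leading 'www.'."""
    name = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", name)

def phishing_warnings(raw_message):
    """Warn about links whose visible text names a different site than the href."""
    collector, found = LinkCollector(), []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href, text in collector.links:
        shown = DOMAIN.search(text)
        target, claimed = host(href), host(shown.group()) if shown else ""
        if claimed and target != claimed and not target.endswith("." + claimed):
            found.append(f"Link text shows {claimed} but opens {target}")
    return found
```

A link that opens a subdomain of the site named in its text is treated as consistent, and links whose text contains no domain (such as "help page") are not checked.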
Tech support scams (Cold Calling)
In this type of scam, the phisher poses as a technical security professional from a legitimate and genuine IT security provider who has contacted you to report malware that they have discovered on your system.
The phisher first tells you about the risks of such malware and then offers a precise solution that involves installing remote software that would safely delete the malware without harming your data. Many scammers would demand a fee to repair this so-called malware issue. The truth, as you may already have guessed, is that this so-called remote desktop software is spyware or malware that would steal your key information or damage your system and create complex technical issues.
- Before proceeding further, check the number by searching for it in a reputed search engine like Google. Most of the reputed IT security providers use a uniform and easily discernible support number
- If they use the names of highly reputed companies, report the incident with details to those companies to help save others from falling victim to the fraud
Vishing is very much the same as phishing with the only exception that the mode of scam is the voice (or VoIP) instead of text email. The phishers play tricks on individuals by calling them over voice mediums and prompting them to share their vital personal or payment details.
- If suspicious, cut the conversation short by citing issues like lack of time, surrounding noise, or other issues, or simply disconnect the phone
- Report such scams immediately by sharing the details with your local cybersecurity cell or contacting the Anti-Phishing Working Group at https://apwg.org/contact-us/
- After the call is over (or if possible, during the ongoing call) check all the relevant digital platforms like the company’s official site, its social media presence, and mentions by third-party websites. Have a keen eye on spelling/grammar mistakes, poor sentence structure, tempting content to trigger hasty actions, the promise of unbelievable rewards/returns/benefits, and similar obvious signs to lure the readers
Important: In most cases, the callers will ask you to call a certain phone number for further details. In any case, do not call that number, to avoid any complexities