How to Spot a Phishing Attack

(September 22, 2022) Phishing attacks continue to be a preferred method hackers use to propagate malware and steal user credentials and other sensitive information, according to Proofpoint’s 2022 State of the Phish Report. Of the 600 IT security professionals surveyed for the report, 86 percent said their organizations experienced bulk phishing attacks in 2021, up from 77 percent in 2020. Targeted phishing attacks, including spear phishing and business email compromise (BEC), increased 18 percent year over year. That’s why it’s critical that users know how to spot the signs of a phishing attack. Do you know how to spot a phishing attack?

Traditionally, hackers have used email to distribute phishing scams, but other methods are on the rise. Use of collaboration tools has skyrocketed, and those platforms have become fertile breeding grounds for phishing messages. Many users believe that messaging is internal and controlled, which creates a false sense of security and encourages them to let down their guard.

Social media is another method on the rise. Hackers use highly emotional topics such as politics to get users to click on links that lead to malware.

Phishing capitalizes on the fact that humans are the weakest link in the security chain. Whether from a sense of expediency or a desire to be helpful, people will often click on a link or open an attachment in a phishing email or text message. The risks are even greater in remote and hybrid work models, with people using personal devices that lack many of the security protections provided by the corporate network.

It would be a mistake to assume that all attacks are clumsy and easy to spot. However, these factors can be helpful in identifying phishing scams:

  • The email or text asks for personal or sensitive information. Scams commonly involve messages that appear to be from a legitimate business asking you to “confirm” your account information. Legitimate companies will not ask for login details or other personal information by email.
  • It is impersonal. Phishing messages often use generic salutations such as “Dear account holder” or “To our valued customer.” Legitimate companies are more likely to address you by name.
  • The source is suspicious. Professional organizations won’t send emails from Gmail or Hotmail accounts. Even addresses that look legit at first glance require further scrutiny. Users should hover their mouse pointer over the link or the address to reveal the true source.
  • There’s an attachment. An unsolicited email with an attachment is a huge red flag. Legitimate companies rarely do this. They are far more likely to provide directions on how to download a document from their website.
  • There’s a suspicious hyperlink. An embedded hyperlink is another red flag. Cybercriminals use embedded links to redirect you to phony websites in an attempt to either extract personal information or download malware. 
  • It is poorly written. Spoofed messages often originate in countries where English is not the native language, resulting in spelling, grammar, logic, and syntax errors.
  • There’s a heightened sense of urgency. Phishing scams are meant to make you act quickly without taking the time to investigate fully. Many suggest there is a risk of having your account suspended or terminated unless action is taken immediately. Legitimate organizations don’t rely on email messages to deliver such news.
  • It’s too good to be true. Offers of incredible deals or amazing rewards are also designed to get you to act quickly without considering the risk. For example, phishing scams offering expedited stimulus payments have been widespread during the pandemic.
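Several of the signs above can be checked automatically before a message reaches a reader. The following is an added example, not part of the original article: a small triage pass over one raw email. The phrase patterns, the names `indicators`, `LinkCollector` and `host`, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "hotmail.com"}  # the webmail providers the article names
PATTERNS = {  # assumed phrase lists, not from the article; tune to your own mail
    "asks_for_credentials": r"(confirm|verify|update) your (account|password|login)",
    "generic_salutation": r"dear (account holder|customer|user)|valued customer",
    "urgency": r"immediately|suspended|terminated|within \d+ hours",
}
# Constructed sample message using reserved example domains.
SAMPLE = ('From: Example Bank <example.bank.support@gmail.com>\n'
          'Content-Type: text/html\n\n<p>Dear account holder, confirm your account '
          'immediately: <a href="http://login.example.net/c">www.example.com</a></p>\n')

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links holds [href, visible text] pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host(url):
    url = url.strip()
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def indicators(raw):
    """Return the names of the warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(text)
    signs = {name: bool(re.search(rx, text, re.I)) for name, rx in PATTERNS.items()}
    signs["freemail_sender"] = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower() in FREEMAIL
    signs["attachment"] = any(part.get_filename() for part in msg.walk())
    # What hovering reveals: link text that looks like a URL but names another host.
    signs["link_mismatch"] = any(re.match(r"\s*(https?://|www\.)", shown, re.I)
                                 and host(shown) != host(href) for href, shown in collector.links)
    return {name for name, hit in signs.items() if hit}
```

Calling `indicators(SAMPLE)` reports every sign except the attachment one. A link whose visible text is not a URL (for example "click here") is not flagged by the mismatch check.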

Cybersecurity training and education programs are essential for boosting the security of your remote workforce. Best-in-class programs offer phishing-specific training and even provide tools for simulating a phishing attack to test user awareness. Your managed services provider (MSP) partner can help you select and implement a security-focused training program while also minimizing the risk that phishing messages will reach your users’ inboxes.


Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
