Phishing is one of the most common types of cyberattacks and can seriously impact both individuals and organizations. These attacks can take place almost anywhere online, including text messages, websites, and social media, but are most commonly seen in the form of email.

The SlashNext State of Phishing Report for 2022, released in October, found that there was a 61% increase in the rate of phishing attacks in just the first 6 months of the year compared to last year’s data. Not only has the rate of phishing attacks increased, but there was also a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.

With all of this in mind, it is perhaps more important than ever to stay vigilant against phishing attacks. Read on to learn more about this type of attack and helpful ways to identify and avoid them.

What is phishing and how does it work?

Phishing is a type of social engineering attack (an attack that relies on psychological manipulation) that aims to steal your personal information or install malicious software on your devices. To accomplish this, cybercriminals will disguise themselves as a legitimate source, such as a well-known company or financial institution, to deliver realistic messages and trick you into giving up your personal information.

Cybercriminals behind these attacks will go to great lengths to make their scams appear legitimate, using the logos and branding of trustworthy sources to disguise themselves. Not only will they create emails under the source’s branding, but they will often create spoofed websites, which are fake websites designed to look legitimate, to accompany them.

The goal of these emails is often to get you to click on a link and enter your personal credentials into the fake website that it leads to. Once that happens, your information will be sent to the attacker behind the scam.

How can I identify a phishing email?

Although it can sometimes be difficult, there are several ways that you can identify a phishing email.

According to fightcybercrime.org, the best ways to identify a phishing email include:

  • Check the sender’s email address. If it is not from a legitimate company, do not open it.
  • Check the URL by hovering over the link.
    • If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
    • If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
  • Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
  • Be cautious of messages that ask for personal information such as your social security number, bank account information, or credit card number.
  • Check for grammatical errors or misspellings.
  • If you are unsure about the message, don’t hesitate to contact the company directly to inquire about it. Don’t use the contact information provided in the email or text message. Look up the company’s contact information on their website or elsewhere.
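
The checklist above can also be applied automatically. The following is an added example, not code from this article or from fightcybercrime.org: it checks the sender's domain, compares each link's real target with the expected domain (the "hover" check), and looks for the warning phrases listed above. The function names, the sample message, and the `expected_domain` parameter (the company's real domain, looked up independently) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Warning phrases taken from the article's checklist; extend for real use.
URGENCY = ("you must act now", "your account will be closed")
PERSONAL = ("social security number", "bank account", "credit card number")

# Constructed sample message on reserved example domains, not a real email.
SAMPLE = """From: "Example Support" <support@example-billing.test>
Content-Type: text/html

<p>Your account will be closed. You must act now: confirm your credit card number.</p>
<a href="http://example.com.account-check.invalid/reset">https://www.example.com/login</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected_domain):
    msg = message_from_string(raw)
    body, collector = msg.get_payload(), LinkCollector()
    collector.feed(body)
    addr, findings = parseaddr(msg.get("From", ""))[1], []
    if not host_matches(addr.rpartition("@")[2], expected_domain):
        findings.append(f"sender: {addr} is not at {expected_domain}")
    for href, text in collector.links:
        if not host_matches(urlparse(href).hostname, expected_domain):
            findings.append(f"link: '{text}' goes to {urlparse(href).hostname}")
    findings += [f"wording: {p}" for p in URGENCY + PERSONAL if p in body.lower()]
    return findings
```

Calling `check_email(SAMPLE, "example.com")` returns five findings; a message sent from the expected domain, linking only to that domain and using none of the listed phrases, returns an empty list.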

What can I do if I click on the link or provide my personal information?

If you clicked on a phishing email link or provided your information, first take a deep breath and know that it can happen to anyone.

  • Go to the legitimate website, reset the password on your compromised account and enable two-factor authentication right away. If you are using that password for other accounts, change those too.
  • Forward the suspected phishing email to reportphishing@apwg.org, where the Anti-Phishing Working Group will collect, analyze and share information to prevent future fraud.
  • Mark it as spam.
  • Run a full system scan using antivirus software to check if your device was infected when you clicked the link. If you find viruses, follow these steps on your device. If you still can’t remove the virus, contact a reputable computer repair shop in your area.

As we continue into 2023, it’s guaranteed that cybercriminals will continue to launch more and more phishing campaigns with the hopes of stealing personal information from unsuspecting victims. Remember to always be cautious online and when in doubt, always do your research!

Information retrieved from fightcybercrime.org. For more details on phishing attacks, visit: https://fightcybercrime.org/scams/hacked-devices-accounts/phishing/