The fraudulent effort to gain sensitive data, such as usernames and passwords, credit card numbers, or other data, is referred to as phishing, in which the imposter is impersonating a trustworthy entity in digital communication.
Everyone uses the Internet and social media nowadays, so phishing attacks are part of everyday life. Each of us has been a victim of a phishing attack at some point.
There are many ways in which these attacks can occur, from emails to announcements to news. It involves even entities, such as a particular police station, a particular hospital, or a particular media outlet sometimes falling into this trap.
As a result of these attacks, these individuals are always striving to gain as much trust as they can by telling you lies, sometimes consisting of: "Your doctor has some concerns regarding your latest blood results, please email him to help you out!", or "Your card has been declined just a second ago! Please click here to prove that it's you!" or "A warrant has been issued on your name, please click here to see why!". There may be situations that seem real, but are really fake, which you may fall into because you are human and tend to trust stuff that seems "serious" and "trustworthy."
Phishing usually takes place over email, instant messaging, and text messaging. People are often misled into entering their personal information on a site that looks almost identical to a valid one.
Is it possible to spot a phishing attack? Yes! The following signs should be taken into consideration:
It might sound catchy or unreal!
It might include bad grammar, spelling mistakes!
It might be sent from an unfamiliar email address or from a person that you haven't met before!
It might include short links!
It might ask you to provide personal information!
It might include threats, demands, etc.
It might have attached a suspicious file/document (which is usually a virus).
The following numbers represent the number of phishing attacks in each year (from the APWG - Phishing Attack Trends Reports:
2005: 173.063 attacks per year
2006: 268.126 attacks per year
2007: 327.814 attacks per year
2008: 335.965 attacks per year
2009: 412.392 attacks per year
2010: 313.517 attacks per year
2011: 284.445 attacks per year
2012: 320.081 attacks per year
2013: 491.399 attacks per year
2014: 704.178 attacks per year
2015: 1.413.978 attacks per year
2016: 1.313.771 attacks per year
2017: 1.122.156 attacks per year
2018: 1.040.654 attacks per year
2019: 475.369 attacks per year
One thing is certain: these attackers are becoming smarter and smarter each year.
For example, according to the Security Boulevard report, in 2020:
"97% of users were unable to recognize a sophisticated phishing email"
"85% of all organizations have been hit by a phishing attack at least once"
"The number of phishing emails that contain some form of ransomware rose to 97.25% since 2016"
"1 in every 8 employees shares information on a phishing site"
"More than 60,000 phishing websites were reported in March 2020"
Make sure to check these boxes when you feel like you might be the victim of a phishing attack:
Look at the email address. If it’s a weird one, really long, with a lot of misplaced numbers and letters, then it’s best if you don’t click anything.
Do not download anything from that email, if you’re not sure that it’s a legit one!
If there are any links included, hover over them with your mouse to see if there is any preview. Usually, this is an option.
If you were not expecting an email from that person, then maybe it’s better to send an email and talk about your concerns, to see if it’s been sent by them or not.
Try to ask around! Usually, these attackers target many people at once, from the same list (maybe one of your friends is going through the same thing).
Cybercriminals do not just target old people or those who do not use the internet proficiently. You can see that businesses and organizations are also among their main targets.
As a result, keep your data safe out there! Who knows who might want yours! A friendly message may conceal a bigger threat.