Phishing attacks have steadily risen since 2011, according to a report released by Verizon this year. 23% of people who receive phishing emails open the email, and 11% of these people click on links in these emails. 50% of these people open and click within the first hour.
Verizon also claims that at one point, phishing was a cute AOL hack. You’d receive an email with an offer for a free cup holder, and once you opened the attachment, your CD-ROM drive would open (you might have seen this commercial). Nowadays, however, opening attachments like this can potentially destroy your hardware, software, reputation, finances, business, and future. We’ve certainly come a long way from an innocent and humorous hardware hack.
Phishing attacks may be on the rise because the tactics hackers employ are far more superior than they once were. We went from general attempts to hopefully pique interest to sophisticated and targeted that will definitely instill some degree of curiosity. Hackers research job titles, partner information, and company background to nearly force your hand into opening emails and clicking attachments.
To avoid these detrimental actions, we have put together three categories to help you maneuver through your inbox more safely and, hopefully, more guarded.
Always pay attention to who the email comes from. If it comes from a person or a business you are unfamiliar with, you may not want to open the email at all (or at the very least, not touch anything inside the email). Reviewing the subject line can assist you in determining whether or not the sender has malicious intentions.
With more sophisticated attacks, this category may eventually prove to be less useful. But for now, you can probably avoid many attacks by scrutinizing the content within the email. How is it written? Are there any mistakes? Is everything spelled correctly (links included)?
Take into consideration a large business. They have multiple rounds of edits before sending out an email—on top of the fact that most established companies have a designated copywriter creating their content. There should be absolutely no errors inside their email.
What is it that the email is asking you to do? Send personal information? Verify your login credentials? Open an attachment? If you receive an email that asks you to do any of these actions, don’t do it.
Think about the company you receive your car insurance from. Progressive, for instance, does everything on their website. They would never ask you to verify your login via email, and they would certainly never ask you to respond to an email with personal information. And 99% of the time, you receive documents and attachments after logging into their website and once you’ve accessed your user profile.
As far as links are concerned, it’s always best to find a workaround. If Progressive asks you to complete an action by clicking on a given link, don’t do it. Access their website by typing their homepage into your address bar. If there is no way to get to the link from their homepage or user profile, then pick up the phone and call the customer service number on their website (do not use any numbers in the email). It is significantly more work, but it’s definitely worth it.
At the end of the day, skepticism is your greatest ally. If you open an email or click on a link, make sure you can verify the three categories above. The sender is legitimate, the copy is well written, and the call to action is reasonable.