Cybersecurity Awareness Month 2021: Week 2
What is email phishing?
Email phishing is a form of cybercrime in which scammers attempt to solicit personal information from an unsuspecting person using seemingly legitimate email domains and messages. Often, they will impersonate organizations you know and trust, like banks, online stores, online payment websites, social networking sites, and credit card companies. Though launching email phishing campaigns is one of the oldest tricks in the book for scammers, it remains one of the most effective ways to harvest people's credit card information, social security numbers, and account information. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing scams in 2019 alone. In 2020, 74% of US organizations experienced a successful phishing attack. Clearly, email phishing remains a simple yet powerful way for cybercriminals to exploit email users. Continue reading to learn how to detect and protect yourself from email phishing campaigns.
What are the red flags of email phishing?
Often, senders of phishing emails create a sense of urgency to encourage you to click a link or download an attachment. Hackers sending phishing emails may:
- Ask you to confirm personal information
- Say that there’s an issue with your account or payment information
- Offer a coupon or free items
- Claim they’ve noticed suspicious activity or log-in attempts
- Tell you you’re eligible for a government refund
Additionally, these emails may include:
- Awkward or unusual formatting
- Urgent subject lines
- Frequent and explicit callouts to click on a link or open an attachment
- Lookalike email addresses
- Addresses may contain slight misspellings of a legitimate company domain like account_manager@com (notice the two “i’s” in the domain name)
How can I protect myself from email phishing?
Firstly, be aware of the red flags of email phishing outlined earlier. Simply knowing what phishing emails may look like and paying close attention to the legitimacy of an email’s domain is a good foundation of defense for all email users. Secondly, you should protect your devices from threats in general by using security software. This way, even if you try to click on a suspicious link or attachment, your device may warn you or block you from doing so. Additionally, you should set all your devices to update software automatically. Software updates often contain patches for potential vulnerabilities that scammers may try to exploit to steal your information. You should regularly back up your data as part of your cyber hygiene routine. Backing up your data to an external hard drive or cloud storage ensures that even if phishing emails are able to exploit and wreak havoc on your device, you’ll have the reassurance that your data is still accessible elsewhere. Finally, you should look into training end users with simulated phishing attacks.
How do I report email phishing?
Fortunately, many company email accounts have a “report phishing” button built into their email platform. If you’re using a work or personal email account without this feature, you should still report any suspected phishing emails to your organization, the Anti-Phishing Working Group at firstname.lastname@example.org and to the FTC at ReportFraud.ftc.gov. Reporting these attacks helps federal and private organizations fight scammers by giving them additional details regarding the tactics scammers use to trick people.
Remember, any email containing a link or attachment should be considered high risk and warrants additional suspicion. If you are worried about receiving malicious emails or want to train your employees on email security, feel free to reach out to us at email@example.com or via phone at 703-790-0400.