Gone Phishing: Things You Should Know About Personal Cybersecurity
March 17, 2022
In 2020, the FBI reported 791,790 complaints of internet crime, with a total of $4.2 billion in financial losses, a figure that has risen sharply from the already alarming $1.4 billion in losses reported for 2016.
When you think of hackers, you may think of what popular culture portrays: shady individuals in dark rooms typing away to get into large organizations such as financial institutions and government agencies. However, the modern hacker is much more refined, and oftentimes arrives in ways you don’t expect. Hackers, or “scammers”, can even be entire teams or known entities of organized individuals who make scamming their living, dedicated to finding ways into the lives and accounts of ordinary people or companies.
According to the FBI’s 2020 Annual Internet Crime Report, phishing accounted for $54,241,075 worth of personal and business losses in the year 2020 alone. Phishing is also a familiar topic in corporate security training because it is incredibly damaging to businesses, oftentimes irreversible, and can be virtually undetectable. In the FBI’s 2020 Annual Report, phishing, vishing, smishing, and pharming surpass identity theft, real estate fraud, and government impersonation with 241,342 victims.
So What is Phishing?
Phishing is defined by the FBI as “The use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.”
Phishing attacks come in many forms and can appear to be legitimate; however, they have common characteristics such as making unrealistic demands, poor spelling and grammar, inconsistent URLs, or threatening to take some action against you. Here are some of the most common attacks:
You answer a call from someone impersonating a representative from a bank, retailer, or governmental agency.
You receive an email that appears to be sent by a company executive, your boss, or a coworker asking you for an odd favor.
You receive a text asking for your login credentials to your social security account.
The common denominator of phishing attacks is that they try to provoke an instant reaction from you, prompting you to click an attached file or frantically input your passwords.
Identification and Protection
As time goes on and technology improves, phishing scams become harder to detect. Most mimic or copy organizational emails very effectively, or provide exact details that seem believable.
Here are a few very common branches of phishing:
Email phishing consists of emails (or texts) that impersonate real companies that you may or may not have an account with, in an attempt to steal or capture login information.
Spear phishing can come in the same forms as regular phishing emails; however, these messages are often more refined, personalized, and ask for more specific information. An example of this would be an email seemingly from an internal department or employee asking for information such as personal passwords or containing malicious attachments.
Whaling may sound silly, yet it is an appropriate term when the victims in question are high profile. Scammers will often target “whales” or high-ranking individuals for data or money others would not normally have. These victims are also prone to ransom scams where a scammer attempts to threaten those close to them or claim they have a family member held hostage. These crimes are extremely psychologically damaging and have lasting effects on victims.
All of the above attacks can be very refined, especially ones that aim to impersonate. But scammers often slip up and leave out key details. For example, getting a text from an executive you don’t report to or someone claiming to be a CEO you have never spoken to asking for information such as an account password is automatically unusual.
Other flags to look out for include, but are not limited to:
Single-letter changes in emails
Links that change when you hover over them
Attachments with .ZIP, .EXE, .JAR, or .BAT endings to file names
Alterations in the domain of the email address (for example, from .com to .co)
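As an added illustration (not part of the original article), the Python example below checks a message for the flags listed above: a sender domain that is a near-miss of one you know, a link whose visible text names a different host than the one it opens, and attachments with the listed endings. The names `phishing_flags`, `KNOWN_DOMAINS`, the 0.85 similarity threshold, and the sample message are assumptions made up for this example.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".zip", ".exe", ".jar", ".bat")  # endings named in the list above
KNOWN_DOMAINS = {"example.com"}  # assumption: domains you really deal with

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def phishing_flags(msg):  # red flags from the list above found in an EmailMessage
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].rsplit("@", 1)[-1].lower()
    if domain not in KNOWN_DOMAINS and any(
            SequenceMatcher(None, domain, k).ratio() >= 0.85 for k in KNOWN_DOMAINS):
        flags.append("lookalike sender domain: " + domain)  # changed letter or .com -> .co
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.append("risky attachment: " + part.get_filename())
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href, text in parser.found:  # compare shown host with real target
                shown = re.search(r"[a-z0-9-]+(\.[a-z0-9-]+)+", text)
                real = urlparse(href).hostname or ""
                if shown and shown.group(0) != real:
                    flags.append(f"link shows {shown.group(0)} but opens {real}")
    return flags

def constructed_sample():  # made-up message for illustration, not a real one
    m = EmailMessage()
    m["From"] = "IT Support <helpdesk@example.co>"
    m.set_content('<a href="http://login.example.net/reset">www.example.com</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="zip", filename="invoice.zip")
    return m
```

A message that trips none of these checks can still be phishing; the checks only cover the flags in this list.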
Victims and Prevention
When phishing is presented in workplace training, it may seem obvious and relatively harmless to those who work with technology on a day-to-day basis. However, phishing impacts a greater proportion of the population than just employees.
The most common victims? Those over 60 years old lost a combined total of $966,062,236 to internet scams in 2020 alone according to the IC3 document from 2020. For many, that may mean parents or grandparents are at high risk, which is why it is so important to know and communicate cyber threats to those close to us. The most impacted states currently stand as Texas, Florida, and New York.
When a phishing attack is caught, the best thing to do is report it to both your employer and the Internet Crime Complaint Center right away, and make your company or those close to you aware. Phishing attacks are generally sent to a circle of related victims to increase the chances of the scam working.
The best place to get your voice heard, and potentially reverse any financial losses that occur, is the FBI Internet Crime Complaint Center. With quick intervention, 82% of cybercrime victims' losses were salvaged.
Phishing and Virtual Mail
In short, it is always best to exercise an abundance of caution with any piece of suspicious communication. While Earth Class Mail handles your physical mail at a single processing center, assuring that nothing happens to your physical mail, it is always encouraged to apply additional security steps to your account in order to protect your data.