Phishing is one of the oldest tricks in online scammers’ books. It obtains sensitive information such as login credentials, usernames and passwords, and credit card details from unsuspecting victims by impersonating a trustworthy entity. Why spend countless hours breaking into highly secure systems when a well-crafted email can persuade the target to hand over everything you ask for? In this article, we’ll tackle phishing from all angles and show you the best ways to avoid email phishing.
Impostors have been playing mind games and taking advantage of people’s trust since the dawn of society. Victor Lustig, the notorious con artist from Austria-Hungary, is infamous as “the man who sold the Eiffel Tower twice.” And what about Frank Abagnale, the legendary fraudster turned security consultant who once impersonated a commercial pilot and talked his way into airline cockpits?
Often the least-expected characters pull off the most extraordinary swindles. And while in the real world it is much harder to pretend to be someone else, the Internet is a haven for scammers looking to deceive people and companies.
When a Lithuanian man tricked both Google and Facebook into sending him over $100 million, you know just how serious an issue phishing is. Evaldas Rimasauskas impersonated Quanta Computer, a Taiwanese electronics manufacturer that counts Google, Facebook, and Apple among its clients, and billed them with phishing emails carrying forged invoices and contracts. No system was hacked: one person with convincing paperwork got past the payment controls of two tech giants.
Why is phishing so dangerous?
Nowadays, phishing is ubiquitous and anyone can become its victim. From the healthcare industry to private individuals, no one is immune to online scams. A new phishing site is launched roughly every 20 seconds, and 86% of email attacks carry no malware at all; the persuasion does the work. Below we’ve listed a few eye-opening stats you probably didn’t know about phishing:
- Phishing accounts for 90% of data breaches
- BEC (Business Email Compromise) scams accounted for over $12 billion in global losses reported to the FBI between 2013 and mid-2018
- 88% of businesses experienced phishing attacks in 2018 (Proofpoint)
- In January 2017, a Gmail phishing scam put Gmail’s roughly 1 billion users worldwide at risk
- 37.9% of untrained users fail phishing tests
- Apple is the most imitated company in phishing scams
- In a single week in April 2020, Google blocked more than 18 million COVID-19-themed malware and phishing emails every day
As you can see, email phishing is a serious threat that is impossible to wipe out completely. As long as the Internet exists, phishers will find clever ways to manipulate users and businesses. That’s why you should always be aware and alert when opening and managing your emails. With just a few preventive measures, you can spot and ignore a potential scam in no time.
The most common signs of a phishing email:
An odd tone or an unfamiliar greeting. If you suddenly spot a change in the writing style of a long-term business partner, that should immediately raise alarm bells. And if the salutation is followed by an urgent call to action, your senses should come to full alert.
Suspicious email address and fake links. Check the sender’s actual address, not just the display name, and the real destination of every link in the message. It’s often the quickest way to tell whether the email is genuine. Instead of clicking, hover over each link and look at the domain that actually owns it: the part just before the top-level domain, not whatever appears at the start. If the email is allegedly from PayPal, but the link leads to a misspelling of paypal.com, to paypal.com tacked onto the front of some other domain, or to anything else that is not paypal.com, mark the email as spam and delete it.
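The following script is an added example for this article, not code from the original page. It applies the two checks just described to a constructed sample message: does the sender’s display name claim a brand that the address domain does not belong to, and does each link’s real destination match the brand or URL its visible text shows? The brand list (KNOWN_BRANDS), the sample From: header and the sample links are all constructed for the illustration; the lookalike domains in it are invented.

```python
"""Sender-address and link checks from the article, done in code. Added example,
not code from the original page; brand list and sample message are constructed."""
import re
from email.utils import parseaddr
from html import unescape
from urllib.parse import urlsplit

# Brands and the registrable domains that legitimately belong to them.
# Constructed for the example; a real filter would load a maintained list.
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "apple": {"apple.com", "icloud.com"},
    "google": {"google.com", "gmail.com"},
}
HREF_RE = re.compile(r'<a\s[^>]*?href\s*=\s*["\']([^"\']+)["\'][^>]*>(.*?)</a>',
                     re.IGNORECASE | re.DOTALL)
TAG_RE = re.compile(r"<[^>]+>")

def registrable_domain(host):
    """Owner domain: the last two labels. Fine for .com-style TLDs; production
    code should consult the Public Suffix List to handle names like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def claimed_brand(text):
    """Brand that visible text (display name or anchor text) invokes, if any."""
    lowered = text.lower()
    return next((b for b in KNOWN_BRANDS if b in lowered), None)

def destination_host(href):
    """Host a browser would actually connect to, or None for non-web links.
    urlsplit().hostname drops the port and any user@ prefix, so
    https://paypal.com@evil.example/ yields evil.example, not paypal.com."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname
    # Punycode (xn--) labels can hide homographs such as a Cyrillic 'a'; decode
    # so the reported host shows the lookalike instead of the encoded form.
    if any(label.startswith("xn--") for label in host.split(".")):
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # keep the raw form; it still cannot match the brand's domain
    return host

def check_link(href, visible_text):
    """Return (reason, host) when a link is suspicious, else None."""
    host = destination_host(href)
    if host is None:
        return ("non-web-scheme", href)
    dom = registrable_domain(host)
    shown = urlsplit(visible_text.strip())
    if shown.scheme.lower() in ("http", "https") and shown.hostname:
        if registrable_domain(shown.hostname) != dom:  # text shows a URL,
            return ("url-text-mismatch", host)            # so it must go there
    brand = claimed_brand(visible_text)
    if brand and dom not in KNOWN_BRANDS[brand]:
        return ("brand-mismatch", host)
    return None

def check_sender(from_header):
    """Flag a From: whose display name claims a brand its domain lacks."""
    name, addr = parseaddr(from_header)
    brand = claimed_brand(name)
    if brand and "@" in addr:
        if registrable_domain(addr.rsplit("@", 1)[1]) not in KNOWN_BRANDS[brand]:
            return ("sender-mismatch", addr)
    return None

def scan_message(from_header, html_body):
    """All findings for one message: sender first, then links in body order."""
    findings = [f for f in [check_sender(from_header)] if f]
    for href, inner in HREF_RE.findall(html_body):
        visible = unescape(TAG_RE.sub("", inner)).strip()
        finding = check_link(unescape(href), visible)
        if finding:
            findings.append(finding)
    return findings

# Constructed sample: lookalike sender, subdomain trick, homograph domain, and
# one genuine link that must not be flagged.
SAMPLE_FROM = '"PayPal Support" <service@paypal-security-alerts.com>'
SAMPLE_BODY = """
<p>Your account is limited.
<a href="https://paypal.com.account-verify.net/login">Log in to PayPal</a>
to restore access, or visit
<a href="https://www.xn--pypal-4ve.com/">https://www.paypal.com/</a>.</p>
<p>Questions? <a href="https://www.paypal.com/help">Help Center</a></p>
"""

if __name__ == "__main__":
    for reason, detail in scan_message(SAMPLE_FROM, SAMPLE_BODY):
        print(f"{reason}: {detail}")
```

Run as a script, it reports the lookalike sender, the link whose host merely starts with paypal.com, and the homograph domain, and stays silent on the real PayPal help link. The check is deliberately conservative: the last two labels stand in for the Public Suffix List, and the brand match is a plain substring, so treat it as a way to see what “hover and compare” means rather than a production filter.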
Poor grammar. Most legitimate businesses proofread before sending an email. One typo is not a sign of phishing by itself, but consistent spelling mistakes and incorrect grammar indicate that something is off. Bear in mind that the reverse does not hold: well-resourced attackers write flawless copy, so clean grammar alone proves nothing.
Request for credentials and payment information. An official-looking email will ask you to visit a landing page and submit your personal data or make a payment to resolve an outstanding issue; the page is a fake that captures whatever you type. To avoid this scam, never follow the link: open the site the email claims to come from by typing its address yourself or using a bookmark, log in there, and check whether the issue really exists.
No digital signature. A digital (S/MIME) signature lets your mail client verify that the message was signed with a certificate issued for the sender’s address by a trusted Certificate Authority and that its content was not altered in transit. Like TLS certificates for websites, the same email certificates can also encrypt messages, but that is a separate function that needs the recipient’s certificate too. Most clients show a ribbon or green checkmark together with the verified address when a signature checks out; an unsigned message from a partner who normally signs, or a signature warning, should make you look harder. Since most legitimate email is still unsigned, the absence of a signature alone does not prove phishing.
How to stay away from phishing attacks?
Preventing phishing attacks, whether you’re a customer or an impersonated company, is all about being proactive. You can add another security layer to your accounts by enabling two-factor authentication (2FA). Entering your password is then no longer enough to log in; you must also supply a second factor, such as a code sent to or generated on your mobile device, a fingerprint, or a hardware security key. Note that a code you type can still be captured and relayed by a phishing page that proxies the real site in real time, so a security key bound to the genuine site’s address (FIDO2/WebAuthn) is the strongest option.
To protect your personal or business identity from being used by phishers, the best thing you can do is digitally sign your emails with an email (S/MIME) certificate. S/MIME is an open standard; the certificates it uses are issued by leading Certificate Authorities such as Sectigo (its CPAC line) and DigiCert. A signed email proves to the recipient’s mail client that it came from the holder of the certificate issued for your address and that it was not altered on the way. The same certificates also encrypt email and documents, but only to recipients whose certificates you hold; signing is the part that protects your identity as the real sender.
On top of that, such a certificate can serve as a client certificate for logging in to systems that support certificate-based authentication, adding a factor beyond a password. Whether you’re an individual or a company, a recipient whose mail client verifies your signature will know that the message came from you, and not from someone pretending to be you. The protection only works for recipients who look for the signature, so tell your regular contacts to expect it and to treat an unsigned message from you with suspicion.
Both CPAC and S/MIME certificates are FDA ESG compliant, which is good news for everyone working with the Food and Drug Administration. The FDA’s ESG (Electronic Submissions Gateway) receives electronic regulatory submissions and verifies the submitter’s identity with a digital certificate before routing the material to the relevant FDA office. An S/MIME certificate from a trusted CA meets that requirement and keeps your communication with the FDA authenticated.
Finally, do your small part and report phishing emails to [email protected] and [email protected], so that the web becomes a safer place. Phishing isn’t going to disappear miraculously, but learning how to spot and prevent it will keep your sensitive data and money intact.