Phishing: Top Cyberthreat to Watch Out for
Technology continues to push the boundaries of sophisticated innovation and advancement in today’s industries. But with the many benefits of modern technology, including Artificial Intelligence (AI), Robotic Process Automation (RPA) and 5G, comes major drawbacks. For example, simultaneously advanced cyber scams and threats jeopardize the integrity of one’s online work and presence.
The most prevalent cybersecurity attack in 2022 was phishing. Phishing is a cyberthreat that attempts to steal one’s personal information, such as identity, passwords or bank information, through fraudulent emails or websites. Phishing scams often appear as credible organizations, websites, or personal and professional contacts misdirecting individuals to malware. This scam is popular due to its effectiveness and appeal of authenticity. APWG reports that in 2022, 1,025,968 individuals fell victim to phishing attacks, the highest ever recorded amount.
Anyone can fall victim to phishing. Identifying phishing is the crucial step to protecting sensitive information.
Phishing has no boundaries, often targeting entire groups or organizations in hopes of just a few naïve individuals succumbing to the cyberattack. Awareness of this threat is the best defense to protecting information from being exploited by hackers. Some ways to identify phishing include:
- Generic emails with improper grammar – Corporate messaging is typically edited to be professional and filtered to match an organization’s tone and attitude. Phishing emails are riddled with grammatical errors, feature generic writing and greetings, and often appear as templates.
- Suspicious attachments and links – Phishing comes in all forms, including social media posts, text messages, websites, or emails. Malicious attachments and their directed websites appear to be imitations of an organization’s traditional website and are used to install malware onto devices or seek personal information. Hovering over links before opening ensures the validity of attachments.
- Urgent call to action – Phishing relies on urgency so individuals don’t have time to process the threat. Examples of calls to action include requesting updated payment information or posed colleagues seeking business-related payments. Slow down and analyze suspicious messages before acting upon their desired action.
- Improper email or website domains – Messages sent from public domain emails, such as “@Gmail.com,” and never directly from organization domains can signify a phishing attack. Large organizations often have their own domain emails, such as Google and “@Google.com,” where official messaging is sent to their customers. Ensure domain names are grammatically correct to prove legitimacy.
- Probing questions – Social media and chat platforms have become major targets for phishing attacks, especially in the wake of the COVID-19 pandemic. In addition to the items listed above, be wary of any posts asking you to share personal information like where you were born, the name of your high school, the street you grew up on, etc. While they may seem harmless, these posts are often attempts to uncover the answers to security questions that safeguard your accounts. This information can also be used to open new accounts using your identity.
What to do when threatened with a phishing attempt
If you spot a phishing attack, never click on the message or its attachments. Instead, confirm its validity, report the message to your cyberdefense team, and delete it from your inbox. Safe cybersecurity practices, such as using strong passwords or multi-step authorization, also help protect sensitive data if a breach occurs.
RELI Group employs the latest technology breakthroughs to improve services and increase access.
RELI’s Cyber and Security Operations team provides efficiency and safety across IT sectors. In addition, our team collaborates to provide Security Assessment and Authorization, Security Training and Guidance, and Information Systems Security in compliance with state, federal and agency regulations. To learn more about RELI’s commitment to security, privacy, and data protection, please visit https://www.religroupinc.com/capability/cyber-security-operations/.