As the tide of phishing attacks rises, improving your scam-spotting skills is never a bad idea
Many people are confident in their ability to recognize phishing scams a mile away. In a recent survey, however, only 5% of the respondents had a 100-percent success rate in spotting simulated attacks aimed at stealing their sensitive information. This may ultimately help explain why this type of fraud continues to pay dividends for ne’er-do-wells.
The survey and quiz of over 900 Americans, conducted by security.org, also found that 9 out of 10 respondents could match phishing with its definition fairly accurately. The vast majority also knew that such attacks often begin with an email. On the other hand, not all the respondents were well versed in other forms that phishing could take.
Here’s a quick refresher:
At its simplest, phishing is an unsolicited email, text or any other form of electronic communication where attackers impersonate a trusted institution and attempt to purloin your data. The information, such as your login credentials, can then be misused or sold by the attackers for nefarious purposes, usually fraud and identity theft. According to the FBI’s latest Internet Crime Report, the number of victims of phishing attacks increased by 59% between 2015 and 2018. It’s also safe to say that many cases of online fraud go unreported.
Back to the survey, however. Almost one-half of the respondents didn’t associate phishing with malware campaigns, whereas a similar proportion were unaware of possible links between the scams and malvertising. Meanwhile, one-third didn’t think phishing could happen through social media. As ESET researchers have documented numerous times, social media are increasingly abused for phishing attacks.
There is a generational divide present as well. Whereas millennials were more likely to think that phishing campaigns can take place through social media, baby boomers were more skeptical. By contrast, when it came to the question of whether an email could be used for phishing, baby boomers were particularly amenable to the idea.
Even if you’re aware of this pervasive online con, it doesn’t necessarily mean that you’re immune to taking the bait. Indeed, academics have devised a test that gauges people’s susceptibility to falling for scams based on a number of personality traits.
At any rate, there are several easy-to-follow practical steps you can take to protect yourself against phishing attacks:
· Never click on links, download files or open attachments in messages even if they appear to be from a known, trusted source – unless you are absolutely sure that the message is authentic.
· Always scrutinize the email address; established institutions usually use their own domain and not, say, a Gmail address.
· Look out for shoddy spelling and grammar mistakes, as phishing emails are often ridden with them.
· Watch out for domains that are often slightly altered to resemble the domains of legitimate service providers.
· Be wary of a sense of urgency or threat that the messages typically seek to evoke.
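The two address checks in the list above (the sender's domain and slightly altered domains) can be automated; the sketch below is an added example, not part of the original article. The trusted domains, the free-mail list and the character swaps are constructed assumptions, and the code goes slightly beyond the text by also flagging punycode labels and a trusted name used as a subdomain of another domain.

```python
from email.utils import parseaddr

# Assumptions for this sketch: the trusted domains and free-mail list are
# constructed sample values, not data from the article.
TRUSTED = {"examplebank.example", "examplepay.example"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Common look-alike character swaps, folded before comparison.
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def fold(s):
    for a, b in FOLDS:
        s = s.replace(a, b)
    return s


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_sender(from_header, trusted=TRUSTED):
    """Return a list of warning strings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    if not domain:
        return ["no parseable sender address"]
    if domain in trusted:
        return []
    findings = []
    brands = {t.split(".")[0] for t in trusted}
    claimed = [b for b in brands if b in fold(name.lower().replace(" ", ""))]
    if domain in FREEMAIL and claimed:
        findings.append(f"display name claims '{claimed[0]}' but sender uses free-mail domain {domain}")
    if any(label.startswith("xn--") for label in domain.split(".")):
        findings.append(f"punycode label in {domain}: possible homoglyph domain")
    for t in sorted(trusted):
        if fold(domain) == fold(t) or 0 < edit_distance(domain, t) <= 2:
            findings.append(f"{domain} closely resembles trusted domain {t}")
        elif t.split(".")[0] in domain.split(".")[:-2]:
            findings.append(f"trusted brand used as subdomain of unrelated domain {domain}")
    return findings
```

An empty result only means these heuristics found nothing: a From header showing a trusted domain can still be forged, so the message itself must still be verified before acting on it.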
For a more detailed treatment of tell-tale signs of phishing, please refer to Phish Allergy – Recognizing Phishing Messages.
The quiz is available on security.org, but if you’re up for more testing, you can always take Google’s test we wrote about recently.