In the Fourth Annual State of the Phish Report by Wombat, 76% of the InfoSec professionals surveyed reported that they had experienced phishing attacks in 2017.
Phishing: The method of collecting data using emails, websites, and links that are designed to mimic trusted sources. Fraudsters trick users into disclosing private information such as passwords and credit card numbers.
While many attacks, 45%, were experienced via phone calls (vishing) and SMS/text messaging (smishing), certain templates garnered the most interactions. In Wombat’s study, 86% came in the form of online shopping security updates; 86% came in via corporate voicemail from unknown callers; and 89% as corporate email improvements. Plus, two simulated templates in particular garnered a near 100% click rate: one masked as a database password reset alert, and the other claiming to include an updated building evacuation plan.
One of the best safeguards to prevent becoming a victim of phishing scams is to be alert and know how to spot fraudulent sites and emails.
Signs of a Phishing Site:
- Web address – misspelled or incorrect company names, or extra characters indicate illegitimate sites
- Pop-ups – if you are directed to a website that immediately displays a pop-up asking for your log-in credentials – beware! This is probably a phishing site.
Signs of a Phishing Email:
- Immediate action required – be suspicious of emails that include urgent calls to action, state that an account has been compromised, or will soon be closed. Be cautious of emails containing language about maintenance activities, upgrades, and routine security checks. Don’t be tricked into providing your confidential login credentials or personal data.
- Email domains – pay attention to the little details. Don’t trust the email from your favorite retailer if the address is firstname.lastname@example.org.
- Fake website links – beware of links to websites that use fake logos to mirror the legitimate website. If the web address contains the official company name, but in the wrong position, the site may not be legitimate. When in doubt, navigate to websites directly rather than using the links provided.
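The web-address signs listed above (misspelled names, extra characters, and the company name in the wrong position) can be checked mechanically when triaging links. The Python below is an added example, not part of the original article; the `TRUSTED` allowlist, the brand names, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): brand keyword -> its genuine registrable domain.
TRUSTED = {"examplebank": "examplebank.com", "shopmart": "shopmart.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (reason, brand) findings for one link; an empty list means nothing flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Simplification: treat the last two labels as the registrable domain.
    # A production check would consult the Public Suffix List (e.g. for .co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED.values():
        return []  # link really points at the brand's own domain
    label = domain.split(".")[0]
    findings = []
    for brand in TRUSTED:
        if brand in label:
            # Brand plus extra characters, or the brand on an unexpected TLD.
            findings.append(("brand-in-untrusted-domain", brand))
        elif brand in host or brand in parts.path.lower():
            # Official name present, but only in a subdomain or the path.
            findings.append(("brand-in-wrong-position", brand))
        elif edit_distance(label, brand) <= 2:
            findings.append(("misspelled-brand", brand))
    return findings

# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examplebank.com.account-verify.net/login",
    "https://examp1ebank.com/",
    "https://examplebank-secure.com/",
    "https://cdn.example.net/shopmart/reset",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, check_url(url) or "ok")
```

The edit-distance threshold of 2 is a tuning choice for this example; a lower value misses more lookalikes and a higher one flags more unrelated domains.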
At the end of the day, be alert and vigilant! With care and diligence, you can keep yourself from getting snagged in the harmful net of phishing.
It is also wise to consider seeking the support of an agnostic technology agent or consultant. This trusted advisor can help you review your business needs, gain a deeper overview of the wide range of solutions and how each one fits in with what you're trying to accomplish. In addition to assisting you with procurement, they can also handle ongoing care.
Comtel Communications, a telecom/technology consulting agency based in Richmond, Virginia since 1991, provides best-in-class solutions and unbiased counsel to a diverse group of small, medium, and enterprise-level businesses, totaling more than $18.2M in annual billings. Leveraging unique access to 350+ national and international providers, Comtel benefits its clients through competitive quotes from multiple sources, to ensure their business goals are met with current and dynamic telecom and technology services. Acting as a partner, long after contracts are signed and services are deployed, Comtel offers superb back-office support to manage upgrades, track orders, and provide training to clients.
Author: Amy Humphreys