Last updated: August 2021
Have you noticed more spam mail this year? You’re not alone. In 2020, spam emails averaged just over 50% of all global email traffic. Furthermore, PhishLabs identified a 47% increase in phishing attempts from 2020 to 2021.
They’ve become all too commonplace: those pesky emails that flood your inbox, designed only to siphon your personal and most sensitive information without you knowing. Some are easier to detect than others; if you get an email from a Nigerian prince looking for a place to store his fortune, for example, it’s probably best to delete it. Unfortunately, these “Nigerian” scammers were still a major threat in 2020, especially with content related to the pandemic.
But others are craftier, better designed and harder to detect. These digital scam artists have become quite adept at making fraudulent emails look exactly like legitimate ones, oftentimes from businesses or establishments with which you are familiar and that you trust. Phishing emails commonly impersonate businesses like PayPal, Apple and banks to steal personal information such as your account login. But according to the PhishLabs report, social media accounts are also a trending target, as many users are more careless about securing them. It’s not just emails either.
Phishing is defined as leveraging or exploiting the design of web pages, text messages, social media direct messages and emails in a social engineering attack that tricks the user into thinking they are in a legitimate and secure web session with a trusted site or individual. Often phishing emails will contain links to these phishing sites, which appear to be real. In reality, the phishing site is designed to install malicious software or acquire personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers and passwords. This information is then used by the phisher for identity theft, to steal money or for other fraudulent purposes.
Phishers will go after anyone, but they tend to target CEOs and CFOs, legal firms, human resources and financial institutions. Additionally, in recent years online stores and social networks have seen an increase in attacks. These groups hold the client data and sensitive information that attackers aim for, so they need to be on high alert to protect themselves from phishing scams.
So what can you do to avoid becoming a victim of phishing? There are steps you can take to minimize your risk. By following these 10 tips, you’ll be well on your way to becoming a phishing scam defense expert.
It’s also a best practice to forward phishing emails to reportphishing@apwg.org and to the organization being impersonated, and to report the phishing to ReportFraud.ftc.gov.
Organizations can protect against phishing by enabling Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an email protocol that dictates email authentication and reporting to help prevent phishing and spoofing.
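The following Python example, added here and not part of the original article, parses a DMARC TXT record (the record a domain publishes in DNS at _dmarc.<domain>) and reports settings that leave the domain in monitor-only or partially enforced mode. The sample records and the example.com addresses are constructed for illustration.

```python
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Split a DMARC TXT record into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part.strip())
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_dmarc(txt):
    """Return a list of findings; an empty list means the policy is enforced."""
    try:
        pairs = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    # The version tag must be the first tag in the record.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return ["not a DMARC record (v=DMARC1 must come first)"]
    tags = dict(pairs)
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return ["missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("p=none: monitor only, failing mail is still delivered")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) > 100:
        findings.append("pct=%s is not a value from 0 to 100" % pct)
    elif int(pct) < 100:
        findings.append("pct=%s: policy covers only part of failing mail" % pct)
    # sp (subdomain policy) inherits p when absent
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are not protected")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

# Constructed sample records (not taken from any real domain).
WEAK = "v=DMARC1; p=none; pct=50"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    for record in (WEAK, STRONG):
        print(record, "->", audit_dmarc(record) or "enforced")
```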
Once you have enabled DMARC, your organization can apply for a Verified Mark Certificate (VMC) that enables you to put your mark on email marketing and communications. A VMC allows you to render your brand logo in the sender field of email clients so that users know your message has been authenticated. It’s similar to being verified on social media, with the added security benefits of validation and DMARC to protect against phishing.
Organizations can get started on becoming DMARC compliant and acquiring a VMC now.
With remote working here to stay, securing email helps today’s organizations build trust online. Check out this additional blog post for more tips on securing remote email.
Learn more about phishing scams, the different types of scams out there and how to secure your email.