Phishing and email spam are thought to cost businesses over $1 billion each year, and hackers are launching increasingly complex campaigns to try to steal confidential data or passwords from innocent Internet users.

Part of the reason why phishing and email spam still work is the language used within the communication. The message to “Act Now” because an account seems to have been impacted, or because a colleague seems to need urgent support, often causes people to act before they think.

Even experienced security consultants have been caught by phishing and email spam, and the advice provided to every Internet user is:

  • If you do not know whether an email request is legitimate, try to verify it by contacting the sender independently of the information given in the email.
  • Never hand over confidential data or passwords requested in an email or on a web page you have arrived at after clicking on a link in an email.
  • Turn on spam filters on your email, keep your anti-virus software up to date and turn on two-step authentication on all your accounts whenever you can.
  • Always use different passwords for separate accounts, and change them frequently to avoid becoming a victim of keylogging malware downloads.
  • Remember that phishing and spam are not restricted to email. Watch out for scams sent through social media channels.

Phishing in particular has become a popular attack vector for hackers. Although phishing goes back to the early days of AOL, there has been a tenfold increase over the past 10 years in phishing campaigns reported to the Anti-Phishing Working Group (APWG).

Phishing is an extension of spam mail and can focus on small groups of people (spear phishing) or target executive-level management (whale phishing) in order to gather data or obtain access to computer systems.

The best way to safeguard yourself from phishing and email spam is to follow the advice provided above and – most importantly – enable a reputable spam filter to block potentially unsafe emails from reaching your inbox.