Cybersecurity Awareness Month, observed every October, was created as a collaborative effort between the government and businesses to ensure that every American has the resources they need to stay safer and more secure online.
As part of this annual campaign, we are taking the opportunity to dive deeper into online phishing, an incredibly common and dangerous form of cybercrime. Phishing attacks occur when cybercriminals use deceptive messages to trick users into divulging sensitive information, such as credit card numbers, or into installing malware on their systems. These attacks are on the rise, with a notable 61% increase in the rate of phishing attacks in the six months leading up to October 2022, compared to the previous year.
To appear genuine, phishing messages typically use:
- the names of real people or organizations
- legitimate-looking addresses
- authentic-looking logos and graphics
- links to pages of a seemingly credible website
- official-looking fine print and references to laws
Most phishing campaigns attempt to lure you into providing sensitive personal information by requesting that you reply to the sender or click on a link that mimics a legitimate website and asks you to provide the information. Phishing scams might also encourage you to click on a link or download software that will then secretly install malicious software on your computer or other devices.
Phishing messages often create a sense of urgency to push you to act, such as claiming that your account has been or will be shut down unless you click the link, or that you need to verify your identity (and provide sensitive information) due to fraudulent or illegal activity using your information.
Staying vigilant online and being skeptical of unexpected messages is crucial as cybercrime evolves rapidly. In the past, misspelled company names and jumbled website URLs were clear tip-offs to phishing attempts. However, scammers have evolved their tactics, and now a seemingly legitimate link can send users to a fraudulent site through code hidden behind the visible message. This underscores the critical importance of not replying to or clicking on links in unsolicited messages, whether via email, text, encrypted messages, or any other electronic message platform, even if they appear to be from someone you know or an institution with which you do business.
Follow these best practices:
- Verify the claim by independently logging onto the company’s main website or calling using a telephone number obtained from a separate source. For instance, type the URL found on a legitimate account statement directly into your browser, check the account using the associated app on your mobile device, or call the phone number found on the back of your credit card.
- Check whether an email address or text might be mimicking a legitimate sender in a phishing attempt. For instance, does the visible sender’s name match the underlying email address? Did the message come from a public email server, such as Gmail, but purport to come from a business or government agency? Did the text come from an email address or an unusual number, such as an international number? If you suspect a scam, block the sender, and report the message as junk.
- If the suspicious message appears to be from a trusted colleague or family member, call the individual and ask them if they recently sent you a message.
- Use only secure networks to access your financial accounts, always enable multi-factor authentication (MFA), if available, and be sure to create strong passwords for your accounts and any financial apps you use.
- Regularly review your account statements and activity for any unrecognized transactions, and immediately report any suspicious activity to your financial institution. Check your credit report often, looking for accounts you didn’t open and any unexplained activity.
As we mark Cybersecurity Awareness Month, it’s crucial to remain vigilant against the rising threat of phishing scams. These attacks continue to evolve and become more sophisticated, posing a significant risk to online security. Remember, if you ever have a question about whether you’re experiencing a phishing scam or if you’re unsure about the legitimacy of a message, don’t hesitate to reach out to us. Your safety and security online are our top priorities. Stay cautious, follow the best practices mentioned in this article, and together, we can combat cyber threats effectively.