The email message from your financial institution looks valid, warning you about a security issue on your account, but how can you be sure it’s not a phishing attack?
Phishing is an attempt to trick users into providing personal information by using email messages, websites, or phone calls. In the second half of 2013, over 115,000 unique phishing attacks occurred worldwide, a 60 percent increase over the first half of 2013.
While the infographic focuses on government employees and agencies, the information and tips apply to everyone on the Internet.
Check out the key takeaways.
Source: The State of Phishing
- Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 800,000 recipients click on the phishing links, 80,000 people provide their information, and 8,000 are opened by the recipient
- Almost 40 percent of Canada’s Justice Department clicked a phishing link in their email
- Examples of phishing include link manipulation (a link is manipulated to take the user to a hacker’s website); filter evasion (images are used to get past spam filters); website forgery (opening a fraudulent link shows a legitimate address bar); and phone phishing (automated calls from a bank or financial institution asking for account numbers or PINs, with legitimate-looking caller ID).
- An Army Thrift Savings Plan phishing test targeting U.S. Army employees showed that phishing works. It took three weeks to track down the sender of the security test. By that time, U.S. employees had forwarded the email to thousands of friends and colleagues.
To avoid phishing:
- Keep your anti-virus, anti-spyware, and anti-malware applications current
- Keep your applications and operating systems current and fully patched
- If you work at a government agency, keep all cyber-intelligence services maintained and up-to-date. If your agency doesn’t have a cyber-intelligence service, consider subscribing to one.
- Phishing attacks target everyone, from interns to members of Congress (and anyone on the Internet). Education and awareness programs are good investments of time and expense.
- If you receive a “phishy” email, delete it and report it to your cybersecurity personnel