There has been a tremendous escalation in phishing attacks in 2016, according to the latest report from APWG (Anti-Phishing Working Group). The report for Q2’2016 shows that the number of phishing attacks has broken all records, writes Peter Buttler.
The report shows that APWG observed 466,065 phishing websites in the second quarter of 2016. That is over 250pc compared with the year 2015. While researching Q1’2016, the senior research fellow at APWG, Greg Aaron, said: “We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016. The sustained increase in 2016 shows phishers launching more sites, and is cause for concern.”
Phishing is a tactic used by fraudsters and cyber criminals over the internet to illicitly obtain sensitive and private information from people. They do so by using deceptive emails and texts which appear to come from reliable brands and organizations, and which lure recipients into entering their credentials and other sensitive information. Needless to say, it is something that we all need to be aware of, as such attacks aren’t going to end soon. For SMEs and other organizations it should be concerning, as the retail/services sector suffered 43 percent of phishing attacks.
Simple habits will help you keep safe against phishing attacks.
1. Be sensible while dealing with phishing emails
You can significantly reduce the risk of falling victim to phishing attacks by being smart and sensible on the internet, especially while web browsing and checking emails. A phishing attack is seen as the culprit behind the hack of Hillary Clinton’s email addresses. For example, never click on links, download files, or open attachments in emails or on social media websites, even if they appear to come from a trusted source. Then what is the point of even surfing the web? You should never click on any link unless you are absolutely sure of it. Hover the mouse over the link, see where it redirects you, and make sure it is authentic. Open a new tab, type in the home address that the link would redirect you to, and check its authenticity. Be wary of emails which ask you to enter confidential information, especially log-in credentials and bank details. Legitimate organizations, and especially banks, will NEVER request any of your private information.
2. Avoid shortened links
You should pay attention to shortened URLs, especially on social media. Phishing attacks often use URL-shortening services such as Bitly to trick you into thinking that you are clicking on a legitimate link when in fact you are inadvertently going to a fake site. Hover your mouse over the link and see if the written link is the same as the link you are being directed to. Cybercriminals direct you to a fake but authentic-looking website that asks for your sensitive information.
3. Re-read suspicious looking emails
Most phishing emails are fairly obvious. They are usually full of typos, meaningless exclamation marks, and capital letters. They may also start with impersonal salutations such as ‘Dear Sir/Madam’ or ‘Dear Customer’, or feature implausible, surprising content. Cyber criminals often make these mistakes in phishing emails, sometimes deliberately, to pass spam filters, grab people’s attention, and filter out the ‘smart’ people who won’t fall for such tricks.
4. Avoid emails with threats and urgent deadlines
Sometimes a reputable company will inconvenience you by asking you to do something, such as changing your password after a data breach. This is an exception to the rule, but phishing emails use the same tactic and often threaten you with, for example, notices of fines, account cancellation and many others. Ignore these scare tactics, contact the company via a trusted channel, and confirm the notification that was sent to you.
5. Browse securely
You should always check for website security, indicated by HTTPS and a green lock icon, which mean that the site is secured. Use secure websites to browse, especially when entering sensitive information such as credit card details. It is recommended to use HTTPS Everywhere, a project of the EFF.
6. Other security tips
Use email encryption wherever possible to secure your email, and redirect detection tools to check URL redirections. Use a virtual private network (VPN) to protect your internet traffic and guard against identity theft while web browsing, especially when you are on a public wireless network, which tends to be insecure.
By following these practices, it should be easier to spot insecure websites and phishing attacks. To address this issue, Google said in a blog post that it is looking to crack down on unsecured websites and label them as not providing appropriate protection.