In today’s connected world we rely more than ever on the internet and technology in both our personal and work lives. Unfortunately, this increased use of online tech has attracted cybercriminals. Online crime is big business these days, with hackers constantly finding new ways to get at our personal data.
It’s estimated the cost of cybercrime will top $6 trillion in 2021 – with an expected increase to $10.5 trillion by 2025. By comparison, the revenue generated by online crime makes it the world’s third-largest economy, just behind the US and China.
With so much money at stake, hackers are finding increasingly sophisticated ways to gain access to our files – with one of the most popular recent trends being a tactic called phishing.
What Is Phishing – And Why Should I Be Worried?
In a phishing attack, a hacker plays on our innate human desire to trust and uses a form of social engineering to steal our data. Phishing usually involves the hacker masquerading as a known company or platform in order to request or steal usernames and passwords.
Phishing most commonly involves a fake, branded email requesting information or sometimes linking out to a similarly-familiar bogus website, which the victim inherently trusts. The only way to protect against this form of psychological attack is to educate yourself or your employees to recognize the risks.
Note, if your company relies on its IT services to any degree, you should employ the services of a professional IT service provider to give your firm the greatest protection. If you fall victim to an attack, an expert IT company will be able to isolate and eliminate the problem – and will likely be able to nip it in the bud before it causes any damage. As an individual user, you should also install and regularly update anti-virus software and firewall technology.
Tips To Spot A Phishing Attack
Phishing attacks are so successful because we innately trust companies and services we know. Nonetheless, there are some tell-tale signs that can help you recognize an attack and prevent it from happening.
Genuine companies don’t request user details by email: The vast majority of responsible companies never request sensitive information by email. If you receive an email requesting these sorts of details, it’s likely to be a scam. If in doubt, call the company instead (using the real number on their genuine site).
Check the email/web address: One of the easiest ways to identify phishing is to check the originating email or web address. Addresses will usually appear convoluted compared to a genuine address, e.g. a hacker might use firstname.lastname@example.org where the real address would simply be email@example.com.
Legitimate companies will use your real name: Another tell-tale sign is an email that uses a generic greeting rather than your real name.
Check for spelling mistakes: Spelling mistakes are common in bogus emails (not the sort of mistake a genuine company would make). Also, hackers often intentionally include bad spelling and syntax as a way to identify the less-educated (believed to be easier targets).
Be wary of emails with attachments: Genuine companies will usually direct you to an official link on their website if they want you to download documents rather than sending unsolicited emails with attachments. While this isn’t always the case, be very wary of attachments in emails (particularly .zip, .exe and .scr files).
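For readers who triage reported mail, here is an added example (not part of the original article) that checks a message for four of the signs listed above: a sender address that does not match the company it claims to be, a generic greeting, a request for login details, and a .zip/.exe/.scr attachment. The brand-to-domain table, the keyword lists, the function name and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: companies you deal with and the domain each one really mails from.
KNOWN_SENDERS = {"example bank": "example.com"}
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")  # the file types the article names
GENERIC_GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|member|client)\b", re.I | re.M)
CREDENTIAL_REQUEST = re.compile(r"\b(password|username|pin|login details)\b", re.I)

# Constructed sample message (not a real email).
SAMPLE = '''From: "Example Bank Support" <support@example-bank-secure.test>
Subject: Action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Dear customer,
Please reply with your username and password.
--BOUND
Content-Disposition: attachment; filename="statement.scr"

AAAA
--BOUND--
'''

def phishing_signs(raw_email):
    """Return the tell-tale signs from the list above that this message shows."""
    msg = message_from_string(raw_email)
    signs, body = [], ""
    name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    for brand, real in KNOWN_SENDERS.items():
        lookalike = domain != real and not domain.endswith("." + real)
        if brand in name.lower() and lookalike:  # display name and domain disagree
            signs.append(f"sender claims '{brand}' but mails from {domain}")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            signs.append(f"risky attachment: {filename}")
        elif not filename and part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting instead of your name")
    if CREDENTIAL_REQUEST.search(body):
        signs.append("asks for credentials by email")
    return signs
```

An empty result only means none of these four signs was found; it does not show that a message is genuine.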