With large-scale incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users, at work and at home.
According to the FBI, phishing attacks were the most common type of cybercrime in 2020. Using email and social media, cyber criminals lure individuals into clicking on malicious links or attachments in order to collect personal and financial information and infect their devices with malware and viruses.
Even more concerning, phishing incidents nearly doubled in frequency from 2019 to 2020. While the frequency of attacks varies by industry, 75% of organizations reported some kind of phishing attack in 2020. U.S.-based organizations experienced these types of attacks at a 30% higher rate than the global average.
Each one of us likely has a story about phishing scams that we (or a family member) received, ranging from the mundane to the outlandish. Recently, AvePoint asked social followers to “drop their favorite phishing line.” Here are a few of our favorites:
- “[I] get a lot of missed deliveries/Amazon-esque messages but recently had one from a health service that strikes a chord with many because of the climate we are in: ‘NHS: You have been in contact with someone who has COVID-19. You must order a PCR Testing Kit here: https://nhs-xxxxx.’”
- “Have definitely gotten a message or two from a friend’s FB profile, describing how they’ve been robbed or lost their wallet while traveling, and requesting that I urgently help by wiring them money! Some were definitely more convincing than others, but points for having phished with plausible stories.”
- “Apart from royalty from other countries offering me riches, I had a relative that I had to help understand that just because they got a message that said that they had a virus doesn’t mean they ACTUALLY have a virus. They called the number and ordered $399 software to fix their computer from this horrible virus that was going to ‘delete all files.’ Fortunately, nothing was lost as we were able to put a stop through the bank, but man. It’s important to make sure everyone is educated!”
At the enterprise level, phishing scams are often designed to appear as though they’re coming from a trusted source. For example, DocuSign recently issued a new alert regarding an aggressive phishing attempt that’s been making the rounds, stating, “Malicious URLs are being hidden in legitimate DocuSign envelopes. The emails are being sent from a variety of senders and associated email addresses.”
Whether at work or at home, anyone can be a target. Stay diligent in order to protect yourself, your family, and your organization. More information, including resources and how you can continue to stay cyber smart, can be found at StaySafeOnline.org, hosted by the National Cybersecurity Alliance.