As the global pandemic enters its second year, IT and infosec teams continue to face challenges on all sides. On top of “ordinary” cybersecurity issues, they’re dealing with an explosion of pandemic-themed phishing scams and a continued surge in ransomware attacks—all while attempting to transition many users to work-from-home environments, effectively overnight. Overall, the first half of 2021 shows a 22% increase in the volume of phishing attacks compared to first half of 2020, PhishLabs reveals.
The frequency of attacks varies industry-by-industry. But 75% of organizations around the world experienced some kind of phishing attack in 2020. Another 35% experienced spear phishing, and 65% faced BEC attacks.
How phishing attacks are delivered
As per report by version, 96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites and just 1% via phone. When it’s done over the telephone, it’s called as vishing and when it’s done via text message, smishing.
vIn 2019, PDFs & Microsoft Office files (sent via email) were the delivery vehicles – just because those type of files are universally trusted. The common subject lines of the email used to contain words like ‘Urgent’, ‘Request’, ‘Important’, ‘Payment’, ‘Attention’.
The data that’s compromised in Phishing Attack
The data that are compromised using phishing attack can be categorized in to 3 types.
- Credentials (passwords, usernames, pin numbers)
- Personal data (name, address, email address)
- Medical (treatment information, insurance claims)
Protect yourself from being a victim
Internet protection starts with your mindset and behavior toward potential cyber-threats. Below are some of the basic measures to avoid being a victim.
- Use common sense before handling any sensitive information: When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
- Never trust alarming messages: Most reputable companies will not request personal information or account details via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for any type of account information, immediately delete it and then call the company to confirm that your account is OK.
- Do not open attachments: Do not open any attachment in suspicious or strange emails — especially Word, Excel, PowerPoint or PDF attachments.
- Avoid clicking embedded links: These links can be seeded with malware. Be cautious when receiving messages from vendors or third parties; never click on embedded URLs in the original message. Instead, visit the site directly by typing in the correct URL address to verify the request, and review the vendor’s contact policies and procedures for requesting information.
- Keep your software and operating system up to date: Windows OS products are often targets of phishing and other malicious attacks, so be sure you’re secure and up to date. Especially for those still running anything older versions of Windows.
Last updated:
0 Comments