You may think it’s easy to spot an email phishing scam, but if, as a report in Fortune outlines, even two companies positioned at the absolute cutting-edge of high-tech progress can fall prey to this type of fraud (albeit executed on an elaborate scale), maybe it’s time to think again.
On Friday, Fortune revealed that the two high-profile companies conned into making payments of over $100 million were none other than Facebook and Google.
A formal charge of wire fraud and deception was made on March 27 and money has now been recovered. But it has taken a month to learn the extent of the crimes, the approach and the high-profile nature of the victims.
Global anti-cybercrime organization the Anti-Phishing Working Group (APWG) defines phishing as a “criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.”
And that mechanism is increasingly an almost perfect recreation of an email purporting to be from an individual, company or institution you’re already familiar with. It’s a tactic that immediately puts even cautious web users slightly off-guard.
Imagine you’re waiting for information about a parcel delivery and an email lands in your inbox claiming to be from a courier service that appears to have the correct address and logo, so you click on it before thinking. No wonder it’s a tactic that’s growing in terms of popularity and sophistication with each year that passes.
The APWG says that it recorded or registered over 1.2 million individual phishing attacks over the course of 2016, up 65 percent on 2015 and, crucially, up 5,753 percent on 2004 when the organization first started tracking the phenomena.
So, how can you protect yourself from being phished?
You weren’t expecting the unexpected.
If a message appears to be from a company or financial institution you already use, why are they getting in touch? If they’re not responding to an email you sent, be on guard.
Does it spell danger?
Click on the email and check for spelling and grammatical mistakes in the address line as well as the email’s body. If it’s legitimate, it should be grammatically flawless.
Call to action
No genuine email would request you to provide personal details or to visit its site via an embedded link within an email message. And if there’s an attachment, just delete the email, altogether. If it is genuine and important, the company will follow up. If it’s from your bank warning of suspicious activity on your account, for example, contact the bank directly and make sure.
Change the filter
Make sure your computer is running the best anti-virus and anti-spam software you can afford. It should help mitigate the risks of accidentally downloading a malicious attachment. JB
RELATED STORY:
Mastercard adds fingerprint sensor to debit and credit cards