Thought leadership. Threat analysis. Cybersecurity news and alerts.
Why do we fall victim to email phishing attacks?
Cyber criminals are crafty when it comes to email phishing attacks. Judging by the results of the most recent Google email phishing campaign, they are succeeding. Cyber criminals are smart, knowledgeable and won’t stop at any means to achieve their goals, which is to acquire your personal information and use it against you and the people on your contact list.
Almost daily, people receive fake emails asking for their personal information, such as user IDs and passwords. These phishing emails can be disguised as if they came from your bank, your email provider, a government agency or even your employer. Cyber crime gangs often prey on our own cybersecurity illiteracy and laziness.
Let me ask you a few questions:
Since cybersecurity illiteracy is what cybercriminals use as an advantage, cybersecurity literacy and awareness would be a good antidote.
The easiest way to spot a phishing email
Most fake emails can be spotted by simply looking at the “from” email address. An email from a fake sender would look something like this: Google Support <email@example.com>. This is definitely a fake. It might not be obvious, but that an email from Google would most certainly come from firstname.lastname@example.org.
In any event, here is the easiest way to spot a phishing scam. Please remember it, print it out and share with others:
If you receive an email whereby someone is asking for your personal information, including your user ID and / or passwords with a sense of urgency, most likely it’s a phishing scam.
Why? Because you bank, your email provider, or your employer WILL NEVER ASK FOR YOUR PERSONAL INFORMATION VIA EMAIL.
For example, you received an email that appears to be from your bank, and it looks something like this:
This is to inform you that due to suspicious activity, your savings account has been locked. Please click here to change your password immediately to re-gain access to your account.
Customer Service Manager”
While it appears legitimate, your bank will never ask to provide any personal information via email. In most cases, they will call you, and will ask you to go to the nearest branch to address any account security related issues.
Even when someone calls you and introduces him or herself as a banking specialist asking for your personal information, you don’t have to provide it. Hang up, call your bank using the number on the back of your bank card, and tell them that you were contacted, and if there are any issue they could help you address. Same goes to calls from any government agency, including the IRS.
Steve E. Driz, I.S.P., ITCP