If you haven’t been a victim of a phishing scam, chances are you know someone who has. According to Valimail’s research, 3.4 billion phishing scams are sent out across the world every day. Our inboxes are bombarded with offers that seem too good to be true, whether it’s a Nigerian prince with accounting problems, an unknown parcel delivery, or a mail announcing you’ve won a European lottery you never joined. 96 percent of cyberattacks begin with a phishing email, another 3 percent come from malicious websites, and just 1 percent come by phone. The rise in phishing scams means email communication networks are increasingly infested with cybercrime. According to a Symantec study, in 2020, 1 out of every 4,200 emails sent was a phishing email.
Unfortunately, the pandemic presented an ideal breeding ground for phishing scams. Many of us were caught off guard and had to quickly adjust through challenging times, with the sudden shift to working from home, home schooling, isolation, and lockdowns leading to much higher usage of the internet, leaving unwitting Aussies vulnerable to online phishing scams. The Australian Competition and Consumer Commission (ACCC) says that losses from scam activities increased by 23 percent in 2020 as compared to 2019.
According to the Australian Cyber Security Centre, Australians are being targeted with COVID-19-themed scams, phishing attempts, and fake email schemes. Almost 1 in every 5 Australians was a victim of an online scam, with the average amount surpassing $2400 per individual during the pandemic. As frightening as these figures are, we know that around one-third of people who are scammed never report it, so the real numbers are likely to be much higher.
To properly protect ourselves from falling victim to a phishing scam there are some simple actions that we can all take, such as using antivirus solutions, updating software, updating privacy settings, creating secure and strong passwords, and enabling two-factor authentication.
Here are some helpful tips on how to identify and avoid phishing scams:
Update your browser: It can be frustrating to receive constant reminders to update your system and it’s easy to just disregard them. These security alerts and updates are actually a very important step in keeping your browser up-to-date and your computer safe and secure from identity theft, phishing attacks, viruses, spyware, adware, and other types of malware.
Check the details: Phishing emails usually appear to be from a trusted organisation you’re quite familiar with, and while some of them are obvious phonies, others can be remarkably convincing. They may appear to be from a bank, credit card company, social networking site, online payment website or app, or online retailer. Phishing emails use a sense of urgency or call for immediate action to trick you into clicking on a link or downloading a file. When you receive an email from a sender you don’t recognise or that Outlook flags as a new sender, take a minute to thoroughly examine it before proceeding. Check the email address, look for spelling or grammatical errors, and never follow a link in an email you’re suspicious of. If in doubt, it’s worth calling the company that sent you the email to check that it’s legitimate.
Look out for suspicious emails at work: Aside from phishing, cybercriminals use spear-phishing to target specific people and organisations, with cleverly customised emails containing accurate information that makes them look more credible and difficult to detect. The intention is often to steal data, but cybercriminals may also try to install malware on a targeted user’s computer. Staff need to be aware of these kinds of threats and keep an eye out for fake emails at work. Besides educating staff, it’s a good idea to investigate specific technology that focuses on email security.
Protect privacy on social media: Cybercriminals like to extract your personal information from social media and exploit it to guess passwords, develop targeted phishing messages, and execute other types of cybercrime. Consider minimising the amount of personal information you share on social media and using privacy measures to limit who has access to it.
Payment security: Before completing a transaction online, always remember to check the URL (address) to make sure it begins with ‘https’ and that a closed padlock icon appears in the address box. This means that the data sent between your device and the shopping site is encrypted (unable to be easily intercepted or read). The padlock only tells you the connection is encrypted, not that the site itself is genuine, so check that the address is the one you expect as well. You should also reconsider saving your credit card information and other personal information on your online shopping accounts, as your information might get into the hands of cybercriminals if the company’s network is breached.
Avoid clicking on pop-ups: Pop-ups occasionally try to trick you with the location of the “Close” button, so always check for an “x” in one of the corners. These pop-ups are often linked to malware as part of attempted phishing attacks to obtain your personal information.
Update passwords regularly: If you have several online accounts, you should make it a practice to change passwords regularly to prevent an attacker from gaining unlimited access. As you may not even know that your account has been hacked, adding an extra layer of security through password rotation can help prevent further phishing scams and keep potential cybercriminals out.