Phishing scams: How to identify and avoid them

Phishing scams: How to identify and avoid them

Over the years, phishing has grown into a bigger threat to businesses. The rate of phishing scams increased by 61% from 2021 to 2022. Not only that, but phishing was the costliest and second most common initial attack entry point that led to data breaches in 2022, according to IBM’s Cost of a Data Breach Report.

Phishing scams typically involve legitimate-looking websites and emails that are actually spoofed, designed to steal data for financial gain or infect computers with malware. Unfortunately, these attacks are increasingly becoming more sophisticated as scammers constantly update their tactics. But there are still some common phishing tactics you can watch out for.

What are the telltale signs of a phishing attack?

You can greatly reduce your chances of falling victim to phishing scams by keeping an eye out for the following signs:

1. Unexpected phone calls or messages from a trusted contact or entity

In a phishing attack, victims usually get an unexpected phone call or message via email, SMS, or a messaging app that looks like it’s from a person or organization they know or trust. By taking advantage of people’s trust in familiar persons or companies, scammers can get unsuspecting victims to act quickly without verifying if the phone call or message is authentic. Some of the most impersonated companies for phishing scams include LinkedIn, Microsoft, DHL, Amazon, Apple, Adidas, Netflix, and HSBC.

2. Urgent demands

Phishing calls or messages typically evoke a sense of urgency, demanding immediate action and/or sometimes even threatening negative consequences. Examples of these include:

  • You receive an email saying your social media account was locked because suspicious activities or log-in attempts were detected. To regain access to your account, you are told that you need to click on the provided link and follow the succeeding steps.
  • Your bank sends you a message saying there’s an issue with your account or your payment information, so your account is currently on hold. You’re asked to click on the link in the message in order to address the issue or update your details.
  • A supposed seller is confirming an order you didn't make. You can dispute the order via the link provided in the message.
  • You’re eligible for a coupon or government refund. To avail it, you need to click on the link in the message.

3. Suspicious attachments or links

Phishing messages typically contain attachments or links. Be wary of downloading and opening attached files or clicking on links, especially if you weren't expecting them. It's best to confirm first that the message really came from the supposed sender.

4. Generic salutations

The most common phishing messages are usually sent out in bulk in hopes that some recipients would respond. That's why these messages usually lack personalized communication and instead use generic greetings like "Dear customer."

Take note, however, that targeted phishing scams are becoming more prevalent. In these scams, fraudsters do extensive prior research on their victims and address the latter by name, making these scams more convincing and successful.

5. Poor spelling and grammar

Many phishing messages are riddled with typos and bad grammar, so watch out for those signs. Just keep in mind, though, that cybercriminals are now using sophisticated tools to improve spelling and grammar.
How can businesses defend against phishing scams?
To safeguard your company from phishing, follow these tips:

  • Conduct security awareness training and phishing simulations so your employees will be better equipped in identifying and responding to phishing scams.
  • Deploy or enhance current email security software that can detect and block malicious emails.
  • Bolster security across mobile devices and apps used for work by rolling out a mobile device management solution and identity and access controls.
  • Set computer and mobile security software to update automatically.
  • Implement detection measures that can spot and mitigate evolving cyberthreats in real time.

Vancouver businesses can turn to Quicktech for comprehensive cybersecurity solutions. With our help, your company will be protected by using a combination of top-notch firewalls, antivirus software, threat prevention systems, and more, for an affordable monthly fee. Book a FREE consultation with us today.