More than 90% of data breaches start with a phishing attack. Being able to spot phishing scams starts with knowing what motivates fraudsters. Here are the most common tactics used in email phishing and how to avoid becoming a victim.
Email is an essential part or our everyday communications, and it has quickly become one of the most common methods that hackers use to attempt to gain access to sensitive information.
More than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate individual or organization, in an attempt to trick the recipient into downloading harmful attachments or accessing a compromising website. In both of these cases the endgame is to obtain sensitive information and/or compromise your computer.
Phishing scams can have a number of different goals. They may attempt to:
- Target personal information, cash, and payment card data
- Gain control of your computer and local network resources
- Gain access to your online accounts and resources
Phishing scams typically attempt to take advantage of you by:
- Delivering file attachments that can infect your computer with harmful software designed to collect data
- Enticing you to click on links to websites that attempt to collect personal information and/or infect your computer with harmful software
- Tricking you into sharing your username and password so bad actors can gain access to your network or other online resources
You can identify a phishing scam by looking for email messages that:
- Create a sense of urgency
- Invoke strong emotions, like greed or fear
- Request sensitive data
- Contain links that do not appear to match legitimate resources for the organization that is contacting you
Always remember that legitimate organizations will never ask for passwords, social security numbers, or any other sensitive data via email. If you receive a message that doesn’t seem right, err on the side of caution, and resist the urge to follow the emails instructions. Instead, contact the business or person directly, and confirm the authenticity of the email message.