How To Report Phishing Scams
When you have identified an email as phishing, it's time for payback. There are ways you can take action to keep yourself more secure:
- Forward the email to the Anti-Phishing Working Group at . If you receive a phishing SMS text, forward it to SPAM .
- Report the phishing attack to the FTC at ftc.gov/complaint.
- If the sender has a Gmail address, you can also report it to Google so they can deactivate the account. Simply click those three little dots beside the Reply button and look for the option Report as a phishing email.
So, you've identified phishing and even reported it. Great job! Now, you need to learn the best ways to prevent phishing attacks.
Why Is Phishing So Damaging
From the example of BA alone you can start to see how damaging phishing attacks can really be. Phishing accounts for 90% of all data breaches according to IBM, and the average cost of a breach is $3.86 million. 76% of businesses reported being a victim of phishing last year, and that figure is likely to rise this year.
The main reason phishing attacks are so successful is that they slip through the gaps in email and web security technologies. Businesses commonly use email clients like Exchange, Office 365 or G-Suite for their email communications. These platforms will filter out some malicious email, like email that contains overtly malicious links or appears to be spam.
However, many phishing attacks don't contain anything overtly malicious. Instead they use social engineering, deceiving users into divulging confidential or personal information. Even emails that do contain links to URLs can slip through the gaps, as URLs can be scanned by email filters and categorized as safe, and then later be injected with malware.
This same principle applies to phishing websites. You may have a desktop anti-virus or filter in place that will stop malicious downloads or prevent malicious webpages from loading, but sophisticated phishing websites will trick users into logging into accounts, or inputting credit card details, which the hacker can then use or sell elsewhere.
How Does Phishing Work
Phishing may be carried out via email, text messages or social media, and attempts to get a victim to click on a link that appears to be connected to a known business or entity. Frequently, that link will take victims to a fake website that has the look and feel of a legitimate site or a site with which they are familiar. Victims are then asked to provide information such as bank account numbers, passwords or other sensitive information that can be used to steal identities, money and information.
BIMI: An Optional Visual Indication
Finally, another optional configuration is possible: BIMI. This isn't a technical element that reinforces security, but a visual addition that gives an indication of the sender's identity.
It displays the brand logo directly in the inbox. You can only add BIMI if you have the SPF, DKIM and DMARC protocols active, and if the DMARC policy is set to quarantine or reject.
BIMI has been deployed since 2019, but not all email providers support it yet.
While the idea of strengthening trust by knowing which image is usually displayed next to a contact is interesting, it doesn't guarantee protection against phishing.
Indeed, an attacker could very well look up which image the organisation they want to spoof uses, then configure a domain with SPF, DKIM and DMARC and associate it with the same image. BIMI then becomes a disadvantage, as users will be even less suspicious of this email.
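The prerequisite described above (SPF, DKIM and DMARC in place, with the DMARC policy at quarantine or reject) can be checked from a domain's TXT records. The following is an added example, not part of the original article; the records, domains, DKIM selector `s1` and key value are constructed placeholders and no DNS lookup is made.

```python
# Constructed TXT records standing in for DNS answers (assumption: you have
# already fetched them). Domains, selector "s1" and key value are placeholders.
ZONE = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 mx -all"],
    "s1._domainkey.example.org": ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
    "_dmarc.example.org": ["v=DMARC1; p=quarantine; pct=100"],
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def bimi_prerequisites(zone, domain, selector):
    """Return the list of unmet BIMI prerequisites for a domain (empty = ready)."""
    problems = []
    if not any(t.lower().startswith("v=spf1") for t in zone.get(domain, [])):
        problems.append("no SPF record")
    dkim = [parse_tags(t) for t in zone.get(f"{selector}._domainkey.{domain}", [])]
    if not any(t.get("p") for t in dkim):  # an empty p= tag means a revoked key
        problems.append("no usable DKIM key")
    dmarc = [parse_tags(t) for t in zone.get(f"_dmarc.{domain}", [])
             if t.strip().startswith("v=DMARC1")]
    if not dmarc:
        problems.append("no DMARC record")
    else:
        policy = dmarc[0].get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            problems.append(
                f"DMARC policy is {policy or 'missing'}, not quarantine or reject")
    return problems


if __name__ == "__main__":
    for d in ("example.com", "example.org"):
        print(d, bimi_prerequisites(ZONE, d, "s1") or "ready for BIMI")
```

An empty result only means the domain is correctly configured; as the section notes, it says nothing about who controls that domain.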
Also Use Artificial Intelligence In The Fight Against Phishing
The suggestions above will help, but they will likely still be insufficient. At the end of the day, the weakest link is human error. With all the pressure on employees to achieve KPIs, hit targets, and let's face it, just do their jobs, why should individuals be tasked with continually being on the lookout for these devious scams? Of course, user training is very important, but there is only so much we can ask employees to do. You do not want to create an environment where employees are afraid to open emails, or worse, ignore emails with the excuse that they thought it was a phishing email.
For this reason, instead of relying on employees to spot tricksters, companies must utilize anti-phishing solutions that can identify and filter out malicious emails before they even get into employees' inboxes. This is where machine learning and artificial intelligence can be deployed to constantly learn and record the attributes and behavior of malicious emails, resulting in the ability to accurately distinguish phishing emails from legitimate emails. Contrary to humans, these methods are objective, not prone to human error, and can analyze massive volumes of inbound emails. In the fight against phishing, machine learning and artificial intelligence are our most valuable defense yet.
Different Types Of Phishing
Phishing comes in several variations, each utilizing a different set of techniques to scam its victims. Below is a short explanation of each phishing type:
Phishing: This is the overarching term for email-based attacks in which cybercriminals attempt to trick individuals into clicking on a link or malware-laced email attachment in order to gain access to sensitive information, passwords, or banking or credit card details.
Spear Phishing: These are phishing attempts that are highly targeted and only sent to specific individuals, often using information gleaned from the Internet to make the emails look personal and legitimate.
Clone Phishing: This is a type of attack where a legitimate email is cloned and then resent from a lookalike address with altered links or email attachments with a malicious payload.
Whaling Phishing, BEC and Pretexting: In these attacks, cybercriminals target high-profile employees, such as CFOs and CEOs, and try to trick them into sending a wire transfer to the cybercriminal's account or providing W2s or other sensitive information that can be used to commit fraud. According to the FBI, between 2013 and 2018 BEC fraud amounted to $12.5 billion.
In their recent report "Fighting Phishing 2020 Foresight", Gartner says: "Through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations."
Contact Consolidated Technologies Inc For Proactive Network Security Solutions
Lessening your risk of phishing attacks and other cyber threats can be intimidating on your own, especially if you operate a small business or aren't familiar with IT. You can enjoy peace of mind without having to shift your focus from your normal business operations when you trust your security solutions to Consolidated Technologies, Inc.
For more than 20 years, we've helped businesses like yours take control of their systems and network security. We're here to help you with your business phishing prevention and much more. Don't wait until you've fallen prey to a phishing scheme. Contact us today to learn more about our security solutions and how they can benefit your company.
Mimecast Technology To Stop Phishing Emails
Mimecast Targeted Threat Protection, part of Mimecast’s email security solutions, scans all inbound email in real-time to stop phishing emails and other advanced threats. As a cloud-based service, Mimecast requires no additional infrastructure or IT overhead to stop phishing emails; protection can be activated quickly and easily through the cloud platform. Mimecast provides protection on and off the corporate network and on mobile devices while creating no disruption for users.
We’re here to help you stop phishing emails
Assume Every Email Is A Potential Phishing Attempt
While this might sound extreme, it’s important for users to carefully examine an email to determine its authenticity. Users should not solely trust their organization’s spam filters, as these traditional email security tools do not provide the strongest defense against some types of attack. Some organizations have begun to implement zero-trust network access in order to secure connectivity to private applications to reduce exposure to applications on the internet.
How Do I Stop Phishing Emails
The first step in how to stop phishing emails is awareness. You, and the people you work with, have to be as cautious and vigilant online as you would be outside in the street. Just as you would if someone came up to you and offered something too good to be true, or you received a phone call to update your bank password, you need to stay alert when it comes to online behavior.
Things to look out for to stop phishing emails include:
- emails that contain urgent or scary information
- emails purporting to be from colleagues but coming from a different address
- emails whose links look suspicious
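The three warning signs listed above can be turned into simple automated checks on a raw message. The following is an added example, not part of the original article; the organisation domain, colleague names, keyword list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"                 # assumption: your own mail domain
COLLEAGUES = {"dana reyes", "sam okoye"}   # assumption: names from your directory
URGENT = re.compile(r"\b(urgent|immediately|important|final notice)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_TEXT = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = '''From: "Dana Reyes" <dana.reyes@example-mail.test>
To: you@example.com
Subject: URGENT: confirm your password today
Content-Type: text/html

<p>Log in at <a href="http://login.example-mail.test/reset">https://portal.example.com/reset</a></p>
'''


def host(url):
    """Hostname of a URL, accepting text that omits the scheme."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()


def indicators(raw):
    """Return the warning signs from the list above found in one raw message."""
    msg = message_from_string(raw)
    found = []
    # 1. Urgent or scary wording in the subject line.
    if URGENT.search(msg.get("Subject", "")):
        found.append("urgent-wording")
    # 2. Display name of a colleague, but the address is outside the organisation.
    name, addr = parseaddr(msg.get("From", ""))
    if name.lower() in COLLEAGUES and addr.rpartition("@")[2].lower() != ORG_DOMAIN:
        found.append("colleague-name-external-address")
    # 3. Link whose visible text is a URL for a different host than its href.
    for href, text in LINK.findall(msg.get_payload()):
        text = text.strip()
        if URL_TEXT.match(text) and host(text) != host(href):
            found.append("link-text-mismatch")
            break
    return found


if __name__ == "__main__":
    print(indicators(SAMPLE))
```

These are heuristics for triage: a message that trips none of them can still be phishing, since many attacks rely purely on social engineering.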
What Is Spear Phishing
Spear phishing occurs when a cybercriminal performs a highly targeted phishing attack. What I mean by this is that the cybercriminal will impersonate someone you know. This could be a colleague or someone from your personal life. Also, the message's contents will read more naturally, and the requests will be more sensible because they've taken the time to research and learn about you.
Phishing attacks are often sent out in mass quantities while spear phishing attacks are sent to target a specific group or individual. Spear phishing attacks are a quality-over-quantity approach.
Ways To Prevent Phishing Attacks
Phishing scams are one of the most common methods of attack you're likely to come across. They are a hugely profitable attack method for cybercriminals, as thousands fall victim to them every year. Fortunately, due to their commonplace nature, phishing scams are avoidable if you know how to correctly identify and prevent them.
Phishing: A Brief History
The first recorded phishing attempts date back to the 1990s, but it was in the early 2000s when phishing really took off. The first phishing attacks were crude hit and miss attempts that involved sending mass email blasts that appeared to be from well-known banks in order to trick unsuspecting recipients into divulging their personal information or bank account login credentials.
In 2010 a new phishing phenomenon was proving to be far more effective: spear phishing. Infamous data breaches at Anthem, Sony, and even the White House, all started with a spear phishing attack in which a socially engineered email was sent to a small number of high-ranking individuals, tricking them into providing their credentials or opening a malware-laced attachment to gain access to their systems.
What To Do If I Can't Prevent Phishing Attacks
It's unlikely that you'll be able to prevent phishing attacks 100% of the time. If you happen to click on a link or provide information on a site you believe to be part of a phishing attack, you should immediately take these steps:
- Disconnect your computer from the Internet to prevent any malware installed on it from spreading or from communicating with attackers.
- Let your company and your IT department know what happened as soon as possible so they can limit the damage.
- Scan your computer for any malware or viruses that the phishing attack may have downloaded.
- Change your login information on accounts that may be compromised by the information you have given to prevent attackers from gaining access to your accounts.
- Report the phishing attack to the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency and the Anti-Phishing Working Group.
Protect Your Login Information
Many people use the same login information for multiple websites. If your login details are compromised in a phishing attack, it might give scammers access to your other accounts.
Consider using a password manager to create and store unique passwords for all your accounts. In addition, many online accounts require or encourage users to register for two-factor authentication. For example, you have to log in and enter a one-time password that's sent to your cell phone before you can proceed.
These security measures might seem annoying or cumbersome, but they're worth it.
Think Twice, Click Once
Like anything valuable, your personal information is of interest to thieves. With so much of this data stored online today, understanding how to protect it is more important than ever.
In many cases, one of the biggest threats to our data is phishing emails. For those who may be unaware, phishing is a digital attack designed to trick an individual into revealing sensitive information by way of a link.
Just what is it about these campaigns that draws people in? Most commonly, they are sent as urgent messages from nearly identical, trustworthy addresses. One may appear as an individual or company the receiver would ordinarily communicate with. Cybercriminals operate this way to prey on your vulnerability. The attack is aimed to trick people into speaking or interacting with them. They communicate in a way that would remain confidential but, more often than not, leads to a bug entering your computer. A common example of a phishing attack could be framed as a colleague sending an unusual link that you are urged to click. Many of us may fall prey to a scheme in that sense, but those are no different from an obvious scheme, like those "click NOW to collect your prize" messages.
They could start with the word IMPORTANT in all capital letters or any other immediate call to action phrase. This was a popular campaign at the height of the COVID-19 pandemic, largely because hackers preyed on employees who regularly received emails on changing office protocols or demands.
When You Stop Phishing Emails Take Care Of Your Physical Mailbox Too
Reporting spam emails and learning how to unsubscribe from emails you don't need are useful weapons in your arsenal, but phishing attempts don't stop with electronic messages. Scammers are doing whatever they can to lay hands on your finances and your identity. Calls, texts, social media messages, and good old-fashioned letters are some of the methods they use to trick unsuspecting folk. DoNotPay can help you clean out your physical mailbox from those dubious envelopes and keep it spick and span.
You don't have to do much. Get your smartphone camera ready and follow this simple procedure:
With this tool, you will prevent more gullible members of your household from becoming scam victims, but you will also decrease the amount of junk mail that you don't need, and that gets thrown out anyway. You're protecting your finances and helping the environment at the same time!