Phishing attacks with a little man fishing. Isn't he cute?

What You Need to Know About Phishing Attacks

Phishing attacks have been around since the early days of the internet.

In recent years, however, cybercriminals have become more proficient at stealing your personal information. The number of spam emails increased fourfold in 2016, and one in every 131 emails contained some type of malware — the highest rate for five years.

So how can you stay safe online?

Here are the most common types of phishing attacks to watch out for — and how you can avoid them.

1. Spear Phishing

Cybercriminals use spear phishing emails to trick you into believing you have a connection with the sender. They customize emails with information that seems legit — messages might include your employer’s name, phone number and other credible information, for example — but often include a link to a malicious attachment or website.

“As with emails used in regular phishing expeditions, spear phishing messages appear to come from a trusted source,” says TechTarget. “The apparent source of the email is likely to be an individual within the recipient’s own company — generally, someone in a position of authority — or from someone the target knows personally.”

Spear phishing is one of the most dangerous types of email-spoofing attacks. 97%  of internet users can’t identify a sophisticated phishing email, while 12% of targeted users click on malicious attachments and links inside spoofed emails.

How to Identify Spear Phishing Emails

Spear phishing emails often contain spelling and grammar errors or use a generic address title. If an email doesn’t look right, delete it immediately.

2. Whaling

Cybercriminals use whaling emails to target CEOs, executives and managers within an organization. These emails might look like an important piece of correspondence — a customer complaint or legal subpoena, for example — but often contain dangerous malware.

“A phishing attack specifically targeting the enterprise’s top executives is called whaling as the victim is considered to be high-value, and the stolen information will be more valuable than what a regular employee may offer,” says Fahmida Y. Rashid, writing for CSO.

Whaling attacks cost businesses more than $1.2 billion since January 2015, according to the FBI.

How to Identify Whaling Emails

Just like with spear phishing emails, check messages for inconsistencies like spelling and grammar mistakes. If someone asks you to click on a link, hold your cursor over the URL to see the real address.

3. Deceptive Phishing

This is the most common type of phishing attack. Deceptive phishing emails look like they come from a legitimate company, but a cybercriminal is trying to trick you into handing over your personal information. Unlike spear phishing emails, however, these messages are a lot less personalized

“[For example], you get an email from a bank claiming that your account has been frozen unless you click on the link provided and enter your account information,” says ProServeIT.

How to Identify Deceptive Phishing Emails

Look at the sender’s email address. Cybercriminals will often use a generic public email address — messages might come from a Gmail or Yahoo Mail account, for example — instead of a private address.

What Can You Do?

These are three of the most common types of phishing emails. You can minimize your chances of receiving these messages by staying safe online. Don’t reveal your personal information on social media, enhance your IT support processes, always use anti-virus software and optimize technology in your workplace.

Of course, if you feel like you need any additional help, we’re always open to a chat.