The years go by, and the number of phishing attacks continues to grow. The FBI’s 2021 Internet Crime Report showed a total of 323,972 victims in the United States, up 34 per cent on the previous year. Similar statistics are reported across the globe. While the largest number of attacks continues to originate via email and, to a lesser extent, SMS, cybercriminals are also evolving their tactics to take advantage of the increasing use of video conferencing and cloud-based file-sharing platforms, especially within work environments.
The basics of a phishing attack remain the same as ever. Phishing is a form of social manipulation which aims to get the victim either to share sensitive personal or company data or to transfer money to a specific account. To achieve this, criminals often impersonate real companies and individuals whom the target knows and already has an ongoing relationship with, using email addresses and branding which, at first glance, look legitimate. Phishing attempts also inject a sense of urgency into their requests, making the victim fear a worse outcome if they do not act quickly, and reducing the likelihood of the victim verifying the source of the communication received.
While the phishing strategies used on other channels such as workplace video conferencing and messaging platforms are similar, they currently pose an even more significant threat. There are a number of reasons for this. Firstly, these platforms, which became more prevalent during the Covid pandemic, are still relatively new for many people, which means that they are still unfamiliar with identifying suspicious activity. There is also generally much less awareness of the fact that phishing attacks do happen through these platforms. As many people have yet to hear of, or even experience, a phishing attack through these platforms, confidence in them among work colleagues also remains high. It is vital, therefore, that companies and organisations make it a point to include these platforms in the training they provide about phishing to ensure their data remains secure.
When it comes to practical tips to avoid becoming a victim of a phishing attack, it’s important to remember a few key principles. Always ask yourself these questions when a company, organisation or contact gets in touch:
- Was I expecting this communication?
- Do the tone and language used match the way the person or organisation normally communicates with me?
- Are the email address, phone number and user profile, amongst other things, ones I recognise and am familiar with?
- Is the communication asking me to do something unusual, quickly?
- Do the links and/or documents attached to the communication look legitimate?
Most importantly, stop and think before you take any action. If you have any doubts whatsoever, contact the person or organisation from which the communication appears to originate, using a channel you know is secure, and double-check.
Phishing attacks have impacted individuals, who have had their identities stolen, but also governments and multinational corporations. Electricity grids have been shut down and billions of dollars stolen because of these attacks. Anyone can become a victim, so please make sure you remain vigilant. If you believe you may be a victim of a phishing attack, contact the Malta Police’s Cybercrime Unit.