Phishing is a scam that criminals have been utilizing with great success since the internet’s rise in popularity and accessibility in the 1990s. While fraudsters have used this technique for decades, it continues to grow by leaps and bounds, year after year. This month, we are taking a closer look at the crime of phishing, the impact that it has in today’s world, and ways that your account holders can identify and avoid phishing schemes in their everyday lives.

The Growing Threat of Phishing:
Protecting Yourself Against Cybercriminals

In the recently released 2022 Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3), it has become evident that cyber actors continue to plague Americans, with dollar losses escalating by 49%. Among the staggering number of complaints received by the IC3, over 37% were related to phishing attacks. Phishing has emerged as the single most prevalent category of cybercrime, causing significant financial losses, particularly among citizens aged 60 and older. This article delves into the origins of phishing, its evolution into a top hacking category, and offers essential tips to help protect you from falling victim to these malicious schemes. 

Understanding Phishing

Phishing is a technique employed by cybercriminals to deceive individuals into divulging sensitive information or installing malware on their devices. This method is executed through various channels such as phone calls, emails, SMS texts, or even social media messages. The term "phishing" was coined in the late 1990s when hackers began using email lures to "fish" for passwords and financial data from unsuspecting internet users.

The Evolution of Phishing

The concept of illegal hacking began in the 1970s, long before the introduction of the internet, with a scam called “phone phreaking” or simply “phreaking”. This form of hacking used machine-driven audible tones to manipulate telephone systems in order to make free phone calls around the world. By the late 1990s, when hackers began using lures to “fish” for passwords and financial data from unsuspecting internet users, they coined the phrase “phishing”, as an homage to their criminal predecessors of the 1970s.

Over the past two decades, phishing has become increasingly sophisticated, pervasive, targeted, and costly. In 2022 alone, the IC3 reported losses of $52 million due to phishing attacks. It is worth noting that unreported losses from such incidents are significantly higher, making it crucial to stay informed about the latest phishing techniques and safeguard oneself against these threats.

Types of Phishing Attacks

1. Email Phishing: Attackers send fraudulent emails that mimic reputable sources, such as banks, government agencies, or popular online services. These emails often create a sense of urgency, urging recipients to click on malicious links or provide personal information.

2. Spear Phishing: This targeted approach focuses on specific individuals or organizations. Cybercriminals gather personal information to craft tailored messages that appear authentic, often impersonating colleagues, vendors, or clients to manipulate victims into revealing sensitive data.

3. Smishing and Vishing: Phishing attacks have extended beyond emails. "Smishing" refers to fraudulent text messages, while "vishing" occurs through voice calls. These tactics rely on social engineering to deceive victims into sharing personal information or clicking on malicious links.

Avoid and Identify Phishing Attempts

1. Stay Vigilant: Be cautious of unsolicited emails, especially those requesting sensitive information or containing urgent requests. Look for signs of poor grammar, generic greetings, or email addresses that don't match the claimed sender.

2. Verify the Source: Before sharing any personal or financial information, independently verify the legitimacy of the email or message. Contact the organization directly through their official website or customer service channels to confirm the request's authenticity.

3. Be Wary of Links and Attachments: Hover over hyperlinks to reveal their true destination before clicking. Avoid downloading attachments or files from untrusted sources, as they may contain malware or ransomware.

4. Strengthen Passwords and Enable Two-Factor Authentication: Use unique, complex passwords for each online account. Enable two-factor authentication whenever possible, adding an extra layer of security to your accounts.

5. Keep Software Updated: Regularly update your operating system, web browsers, and antivirus software. Software updates often include security patches that help protect against known vulnerabilities.

6. Educate Yourself and Others: Stay informed about the latest phishing techniques and trends. Share knowledge with friends, family, and colleagues to raise awareness and help them avoid falling victim to phishing attacks.

And remember, if you feel that you are at risk of identity theft, make sure that you have activated monitoring of your credit to be alerted as quickly as possible to credit fraud. But, don’t rest there. Be vigilant in watching your checking account transactions and watch for suspicious postal mail that may indicate fraudulent accounts opened in your name. If you feel you could be a victim of identity theft, we have you covered! With <EMBEDDED ACCOUNT> you have access to Fully Managed Identity Theft Recovery Services. We can provide a professional Identity Theft Recovery Advocate to help you rescue your good name!