Cybercriminals are continually working on new strategies to profit from stealing your credentials and even your identity, and they are continuing to refine forms of cyberattacks that have proved profitable in the past. That’s why the volume of phishing threats continues to grow.
According to PhishLabs, the volume of phishing messages increased by 40.9% in 2018 alone. Of those phishing messages, 83.9% targeted acquiring credentials for financial accounts, email, cloud payments, and e-commerce. Rather than using malware, 98% of those attacks relied on social engineering techniques to trick recipients into surrendering personal data.
Phishing is a cyberattack sent in the form of an email designed to fool the recipient. The message is designed to convince you to surrender sensitive information such as a password, credit card number, or Social Security number. The usual sender assumes the identity of a trusted source, such as a business or, more often, a financial institution such as a bank or credit union. Big banks are a growing target. In fact, Lookout, a mobile security system company, recently detected a phishing attack that used SMS messages, and apparently, more than 4,000 mobile phone users fell for the scam.
What makes phishing attacks so insidious is that messages look like legitimate requests for information from sources you trust. Anyone can fall victim to a phishing attack unless they know what to look for.
The most common types of phishing messages are sent via email. These messages are designed to look like legitimate messages with the same format, company logo, and other details you would expect to see. They also typically request some form of action, such as checking your account, verifying information for an invoice, or addressing a problem with your account—something that would require you to surrender sensitive information. Most phishing messages include a link that will lead you to a phony website where you are supposed to enter information such as your password or account number.
There are a number of ways to detect phishing emails:
Vishing is becoming an increasingly popular strategy, but instead of an email message, you will receive a phone call or voicemail message.
Vishing messages usually come from an unknown number, often a local number that the caller has created. It could be a caller claiming to be your bank, or asking you to verify your identity in order to break two-step verification. Another increasingly common attack is that callers claim to be from Microsoft offering to help you address a security problem when they are really trying to access your computer. You could also receive a voicemail saying that they are from the IRS or a collection agency, or claiming you are a contest winner. Some voicemail spammers just want a return call because they get paid if they can get you to verify your phone number.
The best strategy for vishing attacks is to ignore them:
With the use of mobile devices on the rise, cybercriminals are increasingly using SMS text messages for phishing attacks. Phony SMS texts or smishing messages usually claim to be from your bank, mortgage company, car loan company, or some other trusted source, and ask you to reply, call, or click through to verify an account or deal with an issue. As with vishing, your best defense against smishing is to ignore unsolicited text messages.
In addition to applying caution and common sense when dealing with phishing attacks, there are additional security steps that you should take to prevent online fraud:
If you are ever in doubt about a message or communication, you should feel free to contact the vendor directly to be sure that the communication is theirs. You will be safer, and the company will appreciate that you reported a possible security issue.
When it comes to your bank accounts, you should feel secure using online banking, but use common sense and be sure that you are the one who initiates an online transaction. Be wary of any incoming queries asking for information about your accounts.
Remember that you can call us anytime to verify any of our communication. The team at iQ Credit Union is always available to help.