Catching the Phish

Phishing is the most common form of cybercrime, making it a danger to both businesses and consumers. But as these types of attempts continue to evolve with technology, how can you spot these scams in order to keep you and your data safe?

Author: Shannon Dority, Marketing Manager iStorage

Keeping safe from cybercriminals is something we must do daily, as they are constantly looking for vulnerabilities to exploit to gain access to our data. Phishing is the most common form of cybercrime: a social engineering scam in which cybercriminals pose as a reputable source to get the victim to reveal important data. While phishing has predominantly been related to email and was easy to spot in the past (we all remember the Nigerian Prince), cybercriminals have grown more sophisticated alongside our technology. And the growth of gen-AI has made phishing attempts more sophisticated, and they are growing at a rapid rate.

So as cybercriminals evolve their phishing tactics, how can you spot an attempt and keep yourself and your organisation safe? We will go through each form and the signs to look out for to avoid becoming a victim of their schemes.

Email Phishing

Email phishing remains the most common form of cybercrime, with 75% of cybersecurity threats arriving through this channel and an estimated 3.4 billion spam emails sent out each day. This makes spam emails the biggest cybersecurity risk to both businesses and consumers. But despite how much we believe we know about these emails, they still manage to catch out millions of people each year. Aside from the traditional poor grammar and spelling, here are some other ways to spot a phishing email:

Check the email domain

Double check the domain of the sender. Spam emails will have a clue hidden within the domain. Sending from a popularly used domain (@gmail.com) is a strong giveaway that the email is spam, as legitimate businesses will have their own domain. Harder to spot are spammers who grab hold of a similar domain. Check for small spelling errors, as they will try to get the domain as close as possible to the legitimate one. When in doubt, don’t respond or interact with the email.

Watch for suspicious links and/or attachments

If there is a link or attachment that does not match the context of the body of the email, this is most likely a scam. One way scammers get around this is by hiding the link in a button so you can’t see its full destination, so hovering over the button to view the link can help to verify if the link is legitimate. And if you are not expecting an attachment, or cannot verify the sender, it is best to leave it unopened.
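For an HTML email, the equivalent of hovering over every button is to list each link's real destination next to the text the reader sees. The following is an added example, not code from the article: it flags links that leave the sender's domain and links whose visible text names one host while pointing at another. The sample body, the domains and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; every domain here is a placeholder.
SAMPLE_HTML = """<a href="https://example-bank.com/help">Help centre</a>
<a href="http://example-bank.com.account-check.example.net/login">
  <span class="button">Verify now</span></a>
<a href="https://files.example.net/invoice">www.example-bank.com/statement</a>"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], " ".join(self._open[1].split())))
            self._open = None


def host_of(url):
    """Lower-cased host of a URL or bare domain, minus a leading 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def same_site(host, domain):
    return host == domain or host.endswith("." + domain)


def review_links(html_body, sender_domain):
    """Return (visible text, real destination host, reasons) per odd link."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        dest, reasons = host_of(href), []
        if dest and not same_site(dest, sender_domain):
            reasons.append("destination outside sender domain")
        shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
        if shown and not same_site(dest, host_of(shown.group(0))):
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((text, dest, reasons))
    return findings
```

Calling `review_links(SAMPLE_HTML, "example-bank.com")` reports the button and the statement link but not the help link; note that the button's destination begins with the bank's name yet belongs to a different domain.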

Sense of urgency, especially from an executive

Acting on your emotions in a perceived emergency is what scammers want, especially if they can convince you the message is from someone of high importance like a company executive. While getting an email stating there is an emergency, either from a ‘family member’ or a ‘boss,’ will make you want to take immediate action to help, it goes a long way to pause and assess the situation. Is there another way to get hold of that individual to check the validity of the situation? Is the email domain legitimate? Pausing to double check these few aspects can keep you from becoming a victim of their scam.

It’s too good to be true

Just like feeding into your emotions with a sense of urgency, scammers also play on the euphoria of winning some type of reward. Unless you are familiar with the sender and remember entering a legitimate contest/giveaway, there is a high likelihood of this being a scam.

Smishing and Vishing

With around 3.5 billion smartphones being used worldwide and growing each year, cybercriminals have evolved in their attempts to exploit users through their devices. This has led to Smishing (SMS phishing) and Vishing (voice phishing, considered the modern spin on the traditional telephone scam). Similar to their email counterparts, both forms often impersonate a trusted source and use social engineering tactics to trick the receiver into clicking on a link that installs malware or answering questions that divulge personal information the criminals can exploit.

The move towards smartphones seems practical from the cybercriminal’s point of view, as SMS has an average open rate of around 98% (with email only having an average of 20%) and around 60% of people read text messages within 5 minutes of receiving them. The tactics they deploy are similar to email scams, but here are a few more things to look out for.

Don’t recognise the number(s)

Unfortunately, these scammers can be relentless in their constant calling and texting. Many times, they will call from different, yet slightly similar, numbers in the hopes of getting you to pick up the phone. If you don’t recognise the number, do not answer the phone or respond to the messages they send, and block the numbers if you can. It can be obnoxious with the number of calls and messages they send, but not responding will likely make them move on in the long run.

Claim to be from an official source

The most common scams pretend to be from a bank, phone or energy provider, but the list of who they claim to be is endless. However, some companies have policies in place where they will never directly ring or text their customers, so it is important to understand what these are. If you are unsure, you can call the official numbers on the company’s website and ask them how they contact their customers. Many companies now have strict policies about never directly calling their customers under any circumstance, so having this knowledge will help keep you safe from these scams.

Asking for confirmation of details

While legitimate establishments will ask you to confirm your identity in order to discuss your accounts, scammers will also use this tactic to gain personal information they can manipulate. But this information will be very specific to the company you are calling, and even then it will all have been discussed when you created your account. A big red flag is if they call you and then ask you to confirm your information; this is highly likely a criminal trying to gain your information.

Use of an intimidating or forceful tone or language

This form of scare tactic is most often associated with people being tricked into thinking they owe a payment and that some sort of legal action or severe consequence will follow. The criminals feed off your fears and emotions to trick you into ‘paying a fine’, giving them access not only to your financial information but to other personal information they can exploit. They can also be very pushy in trying to get you to perform a task quickly. Most people will feel uneasy during these exchanges; trust those instincts, disconnect the call and report the number to the correct officials.

Quishing

Quishing is the use of QR codes to instigate a cyberattack by taking victims to a malicious website to download malware and/or give up sensitive information. QR codes have become increasingly popular since the pandemic as a contactless way for individuals to consume information and purchase goods. Many restaurants, bars and pubs used QR codes to allow guests to load their menus to help with social distancing and have since kept them as part of the customer experience. But they have also grown in popularity with cybercriminals as a way to manipulate unsuspecting victims. These codes can be found out in public or sent via post or email. So how can you keep safe from a QR code scam? Here are some things to consider before scanning.

Only scan QR codes from trusted sources

If the code seems out of place or context, maybe give it a pass. Most of the time companies will also tell you the web address so, if you're unsure, type that into your browser instead of scanning the code. Something to consider with QR codes in public is to check that something hasn’t been placed over the original code. For example, a criminal might place a similar looking QR code on top of the code at a restaurant table, where guests would be expecting to scan to order, and no one would think any different. Double checking that the code has not been tampered with can help keep you safe from a potential cybercrime.

If in doubt, use an app instead

Depending on where the code is, some establishments might also have an app that can accomplish the exact same goal intended. Using the app or directly going to their website can help to keep you safe and prevent your information from being stolen.

Keep your mobile devices up to date

Smartphones and their apps will have regular updates to help not only with their usability, but to help with updating the security features on the device. Just like with your main computer, do not put off updating your device features, as it can be that extra layer of protection against malicious actors.

Unfortunately, phishing is growing and becoming more sophisticated with cybercriminals. But staying vigilant, keeping up to date with cybercrime statistics, and practicing good digital hygiene will help to keep you safe from being the potential victim of a cybercrime.