In a Trend Micro Report by Security Company Egress and IBM’s Cost of Data Breach Report 2022, we see that 92% of organizations fell victim to phishing attacks, making phishing one of the most common initial attack vectors resulting in 16% of all company data breaches. Last year, phishing victims reported over $52 million in losses, with each phishing attack costing corporations $4.91 million on average. Additionally, these companies suffered a loss of customer trust, reputation, and market value, along with regulatory fines.

If the website is asking for your personal information, be wary.

Many websites will ask you to enter your email address or other sensitive information like a phone number, and they’ll often say that it’s necessary to sign up or use their service. This isn’t always true; many services only ask for this information so that they can spam/phish you later on down the line.

Phishing is a scam that uses fake emails or websites to steal personal information. It’s most commonly used for stealing passwords, credit card numbers, and other sensitive data.

Nigerian scams were popular forms of phishing until recently when hackers realized they could make more money with ransomware attacks than emailing people asking for money (and getting no response). Nowadays, you’ll see phishing attempts everywhere: in your inbox, on social media, and even via text message!

The telltale signs of a phishing message include poor grammar; spelling errors; requests for sensitive information like passwords or bank account numbers; urgent requests for action without any context as to why you should act now (like “pay this bill today!”); links that take you away from legitimate websites into ones controlled by hackers who want access to all sorts of things like photos stored on Dropbox accounts…you get the idea!

With Artificial Intelligence in play, we see far fewer grammatical and spelling mistakes. So staying on your toes becomes even more critical. If something doesn’t feel right, it’s time to investigate more.

If you suspect an email might be a phishing attempt, you can perform the following investigation to check its validity:

  • Check the sender’s email address: Look at the sender’s email address carefully. It might be a phishing email if it doesn’t match the company’s official domain or seems suspicious. For example:
    Official email: john.doe@example.com
    Suspicious email: john.doe@example1.com or john.doe@ex-ample.com
  • Inspect the email’s content: Look for spelling and grammatical errors, unusual formatting, or generic greetings. Legitimate companies usually proofread their emails and use personalized greetings.
  • Check for suspicious links: Hover your mouse over any links in the email without clicking on them. This will reveal the actual URL. It might be a phishing attempt if the URL doesn’t match the company’s official website or seems suspicious.
  • Examine the email’s attachments: Be cautious of unexpected attachments, especially if they are in unfamiliar formats or have unusual file extensions. Malware can be hidden in these attachments, so do not open them.
  • Verify the information: If the email asks for sensitive information or requests you to take action, contact the company directly through their official website or phone number to confirm the request.
  • Check for urgency: Phishing emails often create a sense of urgency to trick you into taking action quickly. Be cautious of emails that demand immediate action or threaten consequences.
  • Look for unsolicited requests: Be suspicious of emails asking for personal or financial information, especially if you didn’t initiate the conversation.
  • Use email security features: Many email providers have built-in security features to help identify and filter phishing emails. Make sure these features are enabled and up to date.

By performing these checks, you can better determine if an email is a phishing attempt and protect yourself from potential scams.
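The sender-address and link checks from the list above can be partly automated. The following Python sketch is an added example, not part of the original article: it parses a constructed sample message and classifies the sender's domain and each link's real target against the official domain. `OFFICIAL_DOMAIN`, the 0.8 similarity cutoff, and the function and class names are assumptions chosen for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL_DOMAIN = "example.com"  # assumption: the company's real domain
# Constructed sample message, not a real email.
SAMPLE = (
    "From: John Doe <john.doe@ex-ample.com>\n"
    "Subject: Pay this bill today!\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://example1.com/login">https://example.com/billing</a>\n'
)

class HrefCollector(HTMLParser):
    """Collects the real target (href) of every <a> tag, as hovering would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def domain_verdict(domain, official=OFFICIAL_DOMAIN):
    """Return 'official', 'lookalike' (near miss of the official name) or 'other'."""
    domain = domain.lower().rstrip(".")
    if domain == official or domain.endswith("." + official):
        return "official"
    # Hyphens are dropped so ex-ample.com compares as example.com; 0.8 is an assumed cutoff.
    ratio = difflib.SequenceMatcher(None, domain.replace("-", ""), official).ratio()
    return "lookalike" if ratio >= 0.8 else "other"

def check_email(raw):
    """Return (kind, value, verdict) for the sender and for each link in HTML parts."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = [("sender", sender, domain_verdict(sender.rpartition("@")[2]))]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = HrefCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href in collector.hrefs:
                findings.append(("link", href, domain_verdict(urlparse(href).hostname or "")))
    return findings

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A "lookalike" verdict is a prompt to verify through the company's official channel, not proof of phishing, and an "other" verdict only means the domain is unrelated to the one being checked.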

If You Suspect You’ve Been a Victim of a Phishing Scam

There are several resources available to report a phishing scam. Some of these resources include:

  • The Federal Trade Commission (FTC): The FTC is a government agency that protects consumers from fraud and scams. You can report a phishing scam to the FTC online or by phone.
    Online: https://reportfraud.ftc.gov/
    By phone: 1-877-FTC-HELP (1-877-382-4357)
  • The Anti-Phishing Working Group (APWG): The APWG is a non-profit organization that works to combat phishing attacks. You can report a phishing scam to the APWG online.
    https://apwg.org/reportphishing/
  • Your bank or credit card company: If you have received a phishing email or text message that appears to be from your bank or credit card company, you should report it to your bank or credit card company immediately.
  • Your local law enforcement agency: If you believe that you have been the victim of a phishing scam, you can report it to your local law enforcement agency.

By reporting phishing scams, you can help to protect yourself and others from these harmful attacks.

Here are some additional tips for reporting a phishing scam:

  • When you report a phishing scam, include as much information as possible, such as the email or text message you received, the website you visited, and any personal information you may have entered.
  • If you have any screenshots of the phishing email or text message, be sure to include them with your report.
  • If you have any information about the identity of the person or group that sent the phishing email or text message, be sure to include it with your report.
