Despite many warnings about phishing attacks, they still happen. The Anti-Phishing Working Group noted that the number of attacks increased by more than 200 percent in the first quarter of 2016. It's a large spike with several catalysts.
"This large spike reported in phishing sites and BEC [Business Email Compromise] attacks is no surprise as cybercriminals are becoming bolder and bolder, using social media and web infrastructure to create attacks that are more sophisticated and more effectively targeted," Roberto Drassinower, CEO of BrandProtect, said to SCMagazine.com.
While IT departments may insist on training against phishing attacks, and especially spear phishing attacks, which focus on C-suite individuals, it can be easy for individuals to tune out the lessons they learn. What if there were a way to test your knowledge of phishing attacks without risking your personal information?
Test your phishing knowledge
Wired staff writer Lily Hay Newman tried one solution. She voluntarily signed up to receive fake phishing emails to train herself to look for different signs of a scam. Hay Newman contacted a company called PhishMe, which looks for current scams and sends an email that is designed to convince you to click through, which could lead to a malware attack if the email were real. If you do fall for a phishing link, PhishMe would alert you to the ruse. A large part of the company's strategy is to teach users what to look for when scrolling through their emails.
"A phishing scam tries to get people worked up," CEO Aaron Higbee told the publication. "There's going to be some trigger that evokes emotionally heightened themes like fear, reward, and urgency."
Hint: If a sender insists that you must respond within a short window of time, especially if the message comes from a government agency like the IRS, it's probably a phishing attempt.
These are the emails that we can be tempted to handle immediately. However, the IRS insisted that you should reach out to them by phone, never via email, to verify that the email is legitimate.
What to look out for
Hay Newman noted that when she received a fraudulent court summons, the email address - a Gmail address instead of a .gov - gave it away. She suggested that taking a moment to pause and double-check who the sender is can save your computer. If you don't recognize the sender, make sure not to click or download any documents.
TechRepublic noted that these types of attacks focus on specific individuals - and may use social media links to lure victims to click. Knowing what link
Hay Newman said that users should ultimately trust their gut when scrolling through their email. If something seems off, it most likely is. Taking extra precautions can protect your laptop or mobile device as well as your personal data.
If you think that you've clicked on a malicious link, you need to alert your IT administrator. Email phishing scams continue to change and evolve. Criminals have been known to use Google Docs as well as SMS - also known as "smishing" - to get access to personal information.