More people fell victim to phishing scams in 2023 than any other cybersecurity threat, according to the latest edition of the FBI’s Internet Crime Report.
Just fewer than 300,000 people reported being scammed through phishing attempts.
While this number is slightly down from the last two years, phishing still accounts for more crimes than the other top crime types combined—non-payment / non-delivery, extortion, tech support, and personal data breach.
As phishing attempts—and success rates—increase, it’s worth taking a look at what phishing is, how your business can detect and protect against it, and what to do if an attack is successful.
Phishing is a cybersecurity scam in which hackers disguise themselves as a reputable person, company, or entity in email, social media messages, text messages, and other forms of communication to collect login credentials or account information.
Examples of phishing techniques include:
Phishing is part of a broader cybersecurity risk known as social engineering.
All of these are things most people do regularly, so how do you figure out what’s real and what’s not?
Phishing attacks typically have telltale signs, like:
If any of these requests seems out of the ordinary, it is best to contact the person or organization directly through another channel.
For example, if you’ve never purchased from or worked with a company before, don’t click or respond to anything within the suspected phishing email.
Instead, open a new browser window, search for that company, and find a way to contact them through their website with a phone number, support email, or live chat service.
The easiest way to prevent phishing is by asking yourself one question:
Do you know the person or organization that’s contacting you?
If you do, that’s a good start.
Even so, proceed with caution by contacting them through another verified method.
For companies, that likely means using a company phone number or website.
For people, text or call them if you know their number, or email them by starting a new email chain if you know their email.
If you don’t know the person or organization, it could be a scam.
Follow the recommended steps outlined above to get in contact with them.
Two other ways to prevent phishing and its potentially disastrous effects include enabling multifactor authentication and backing up your data to a location besides your home or office network.
At home, you can back up your data onto physical hard drives or a cloud service (one often comes with your phone plan as an add-on service).
IT departments should back up company data to a separate cloud environment so that an attack on the primary network cannot spread to the backups.
Your IT department or managed service provider may also run phishing simulations as part of a security awareness program.
If you accidentally clicked on that Facebook message or email, verify that your device’s security software is up to date.
(Side note: Hackers hate updates, so we recommend regularly updating software and operating systems.)
Additionally, report the incident and notify your IT department so they can monitor any unusual activity on your computer or network as a whole.
If it turns out to be nothing, great.
If there is a cybersecurity breach, they can help stop it before it spreads too far.
Depending on the nature of the information, you may consider taking additional steps:
Read more on phishing:
How secure is your company’s data? Phishing is one way to experience a cybersecurity incident, but hackers can access your protected information in other ways, too. Download our Data Security Checklist to see how well your data is protected against today’s common cyberthreats!