Beware of phishing scams

Smart fraudsters are using emails that appear to be from reputable companies to capture personal data.

Hackers frequently use lookalike emails and websites to steal personal login credentials, credit card information and other details. Phishing emails are how 90% of cyberattacks begin. (Photo: Bigstock)

It’s easy to become complacent about all of the emails that come into our inboxes, and that is just what hackers are counting on when they send a phishing email. You’ve seen them — they look like they are from your bank, a credit card company, Amazon or Pay Pal — and they inform you that there is a problem with your payment, account or credit card and you should contact them immediately.

While they may look legitimate, upon closer inspection, you may find typos, poor grammar or an unrecognizable email address if you mouse over the sender’s data. According to Verizon’s 2019 Data Breach Investigations Report, approximately one-third of data breaches involved phishing attacks. Why? Because they’re so successful.

As these efforts have become more sophisticated, hackers are making the emails look like they’re coming from well-known companies. A recent report from Check Point Research indicated that the top brand industry sectors for phishing were technology, banking and social networks. Moreover, when the company investigated further, they found that hackers used different brands depending on the vector they were using to perpetrate the fraud.

For example, 24% of the email attacks focused on Microsoft, Outlook and Unicredit. On the web, 61% of the attacks involved Google, Amazon and WhatsApp. In addition, on mobile phones, the hackers used fake information from Facebook, WhatsApp and PayPal. The top two sites involving phishing scams were Google and Amazon, followed by WhatsApp and Facebook.

The company also highlighted an incident from late June, where a fraudulent website was created to mimic the login page for Apple’s iCloud service. Their goal was to steal the login credentials of users. A similar incident involved a fraudulent PayPal site in May. For users, it’s vital to verify that the website you are ordering from or accessing is authentic. Frequently, ads and sites included in emails are not, so it’s better to type in the address or do a Google search and click on the link from there.

Another risk frequently involves special offers — the ones that are too good to be true and offer deep discounts. Instead of clicking on the advertisement, it’s better to go directly to the company website and see if they are making the same offer.

For companies, make sure customers have a way to verify information that comes in emails or other forms of communication, and take the time to educate them on what to look for on a fraudulent website or email.

Related: