Business email compromise (BEC) or Email Account Compromise (EAC) via phishing attacks account for the largest losses within cybercrime. In 2020 alone, $1.8 billion was lost from BEC/EAC according to the FBI.
A phishing email may look like it was sent from a legitimate source — like a colleague, or a company that you do business with — but is actually sent by cybercriminals. These scam emails trick recipients into taking actions like forwarding the email message to other people, clicking a link, or downloading malicious attachments.

Let's Examine a Real-Life Phishing Email

This phishing email from "U.S. Postal Shipping" almost looks legitimate upon first glance. But when you inspect the sender address (a long string of random digits), you can be sure it's a scam email. Scammers are hoping to catch you off guard, or trick you when you aren’t paying close attention to these small details. If you fall prey to these deceptive emails, you may risk further exposing your online footprint to scammers.

Phishing is one of the oldest types of cyber scams in existence. However, it continues to get more sophisticated as hackers find more ways to disguise their true identities. If you believe you’ve received a phishing email, follow these steps to prevent information loss and protect yourself from identity theft.

Can I Get Hacked By Opening a Phishing Email?

It depends. Just opening the phishing message without taking any further action will not compromise your data. However, hackers can still gather some data about you, even if all you did was open the email. They will use this data against you to create more targeted cyber attacks in the future. This data includes, but is not limited to, your location, the operating system you use, and your IP address.

Warning: If You Open a Phishing Email, NEVER Click The Links!

Clicking malicious links and downloading attachments are a bigger threat to your data than merely opening suspicious emails. If you opened the email, but didn't click any links, you are safe. Nevertheless, take the following actions to make sure you haven’t been exposed after opening a phishing email and to prevent similar future attacks.
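The sender-address check described above can be automated. The following script is an added example, not code from the original article: it parses a constructed message modelled on the "U.S. Postal Shipping" email, flags a purely numeric sender address, flags a display name that claims a brand whose real domain (from an assumed lookup table) does not match the sending domain, and goes one step beyond the text by also flagging links whose visible URL points to a different host than the real target.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample, modelled on the "U.S. Postal Shipping" message described above.
SAMPLE_EMAIL = """From: "U.S. Postal Shipping" <4827193056@mail-relay.example>
Content-Type: text/html; charset=utf-8

<p>Your parcel could not be delivered.</p><a href="http://track.example.net/x">https://www.usps.com/track</a>
"""
# Assumed brand-to-domain table (hypothetical; extend it for your own organisation).
BRAND_DOMAINS = {"postal": "usps.com", "usps": "usps.com", "paypal": "paypal.com"}
class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def domain_of(url_or_addr):
    # Host part of a URL or mail address, lower-cased; '' if there is none.
    m = re.search(r"(?:@|://)([^/\s>]+)", url_or_addr)
    return m.group(1).lower() if m else ""
def phishing_indicators(raw):
    # Returns a list of human-readable red flags found in a raw message.
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    sender_domain, local = domain_of(addr), addr.split("@")[0]
    findings = []
    if local.isdigit() and len(local) >= 8:  # the "long string of random digits"
        findings.append("numeric sender address: " + addr)
    claimed = [real for brand, real in BRAND_DOMAINS.items() if brand in name.lower()]
    if claimed and not sender_domain.endswith(claimed[0]):
        findings.append(f"display name claims {claimed[0]} but sender is {sender_domain}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:  # visible URL must match the real target
        if domain_of(text) and domain_of(text) != domain_of(href):
            findings.append(f"link text shows {domain_of(text)} but points to {domain_of(href)}")
    return findings
```

Run `phishing_indicators(SAMPLE_EMAIL)` to get the three findings for the sample; an empty list means none of these particular red flags were present, not that the message is safe.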
3 Steps To Take If You Opened a Phishing Email
1. Go offline and scan for malware

Turn off or unplug your router, or set your device to Airplane Mode or an equivalent. This will prevent malware from spreading to other devices on the same Wi-Fi network. Use anti-malware software to check for any viruses on your device. Take appropriate steps to get rid of it, if it’s discovered (scroll down for specific steps). If you suspect your devices have been compromised, stop online shopping or banking until you’re in the clear. Any transaction that involves using usernames, passwords, or other sensitive information may lead to a data breach. If you think your devices have malware, report it here: ReportFraud.ftc.gov

2. Report the email to IT or the company being impersonated

If a phishing email was sent to your work or university email address, report it to your IT department. Similarly, if the email used an address under the pretenses of a specific individual or business, alert them immediately. If you’re not certain that it was a phishing attack, the company should be able to tell you whether the email was a scam or not.

An example of a PayPal phishing email. Source: Gaetano DiNardi

As an additional precaution, also report the phishing attempt to the Anti-Phishing Working Group at [email protected]. To report a phishing text message, forward it to SPAM (7726).

3. Mark the email as spam in your email client

Your email client (Gmail, Yahoo Mail, AOL, etc.) will let you mark an email as spam or junk so that it can do a better job filtering spam emails or blocking them entirely. This is much more impactful than just clicking “unsubscribe.” If you stumble upon suspicious emails, Gmail recommends you do this:
Did You Click on a Phishing Link? Follow These 7 Steps
If you’ve opened a phishing email and clicked on links or downloaded attachments, don’t panic. Stay calm, and follow these steps.

1. Close all browsers and tabs

Did you click a phishing link which redirected you to a new tab or window in your web browser? Close it immediately, and refrain from interacting with anything on the page. Most suspicious URLs lead to:
2. Delete any automatic downloads

If you downloaded any attachments from a phishing email, don’t open them — they could contain malware that can steal your personal information or lock you out of your data. Not sure if your device has a virus from a suspicious email or URL? Look out for these system hiccups:
If your device is showing any of these symptoms, it’s best to immediately disconnect from the internet and stay offline. On a Mac, enter safe mode and follow these steps before you get professional help:
3. Report identity theft if you replied to the email

Many phishing scams are designed to get you to enter sensitive information, like credit card numbers, through a link in the email. Don’t hand over any information if you’re not able to confirm that the link was sent from a legitimate source. If you entered your credit card information after clicking on a questionable link, contact your credit card provider so that they can freeze your card. Also follow these steps to report identity theft with the FTC, police, and all major credit bureaus.

4. Change all usernames and passwords

Fraudsters use malware to uncover usernames and passwords you may have saved in your browser or to your device for bank accounts, emails, social media profiles, and ecommerce websites. Change your login credentials so that your sensitive data will remain protected.

2FA challenges you to prove your identity twice, whereas MFA verifies your identity with multiple factors like biometric, face recognition, time, location, and more. Source: G2

Password managers are a handy way to create unique passwords, store them securely, and sync across devices. There are many popular password managers including Identity Guard’s ID Vault® that can safely manage hard-to-hack logins for you. Two-factor authentication or 2FA is another key component of cybersecurity. With 2FA enabled, a stolen password and login information alone are not enough to get into your accounts.

5. Backup all your files

If your machine is infected, all backups will also likely be corrupted. Experts recommend backing up everything — malware included — but not restoring the full backup. The sole purpose of this backup is making sure all your files have been captured. At a high level, here are three ways to salvage an infected hard drive:
As a general rule, start backing up your computer if you don’t already. These steps become redundant if you can go back to your uninfected system backup.

6. Get verified tech support

Most manufacturers offer free technical support if your devices are still under warranty. Outside your warranty, you’re still eligible for paid support. Have device models and serial numbers ready before you make contact. Also, be cautious of tech support scammers and people trying to scam you online:
7. Consider identity theft protection

The reality is that identity theft reached shocking new heights last year, and it's only getting worse. An identity theft protection service like Identity Guard will provide you with the following features in order to help fight back against scammers and con artists:
For more insight, check out Security.org's review of Identity Guard →

The Bottom Line: Learn To Recognize The Signs of Phishing Emails
We advise keeping both your hardware and software up to date. Use a trusted antivirus software across your devices and, as an extra precaution, consider getting identity theft protection.

What is the safest action to take when you receive a suspicious email?

Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization's website from your own saved favorite, or via a web search.
What action is required when you have received a suspicious email information governance?

If you receive a suspicious email that looks like it came from a company that you know and trust, report the email to the faked or "spoofed" organization. Contact the organization directly (not through the email you received) and ask for confirmation on the validity of the message.
When you receive a suspicious email you should forward it to?

If you got a phishing email, forward it to the Anti-Phishing Working Group at [email protected]. If you got a phishing text message, forward it to SPAM (7726). Report the phishing attempt to the FTC at ReportFraud.ftc.gov.
Can you respond to a suspicious email?

PhishLabs warns that replying to a phishing email, even if you know it's a scam, can lead to further attacks. Most phishing campaigns are automated and replying to them puts you on a scammer's radar. PhishLabs stresses that these people are criminals, and that they can be vindictive or even dangerous.