We won’t soon forget the year 2020. As a nation we have faced civil unrest, billion-dollar natural disasters, a controversial presidential election, and one of the deadliest pandemics in history; yes, 2020 will go down in history as a year for the record books. Unfortunately, 2020 set some records in cybercrime as well. In fact, by the end of this year it’s estimated that damage from cybercrime will cost $6 trillion annually, double the $3 trillion spent in 2015.
Cybercrimes, like most crimes, are opportunistic and the pandemic was a perfect storm of opportunity. According to an article published by IDAgent, phishing attempts have increased by more than 660% since March 1, 2020. That’s a staggering statistic! But why such an explosive increase? It’s a risk and reward game. Criminals seek the greatest opportunity for making the most money at the lowest possible risk.
But first, what is phishing? Phishing is a cybercrime term that describes how criminals pose as legitimate institutions or a trustworthy entity/individual to trick you into providing sensitive data such as login IDs and passwords. Phishing emails are a great way for hackers to gain access to your system. In fact, 90% of incidents that end in a data breach begin as a phishing email.
In March, people were panicked about toilet paper, hand sanitizer, and other supplies. Cybercriminals used fear and uncertainty to prompt people to click on emails that promised hard-to-find supplies. Some reports indicated that consumers gave credit card information thinking they were buying supplies for their household.
Cyberattacks in 2020 happened every 39 seconds. That means by the time you’re finished reading this article at least 4 cyberattacks have been carried out on unsuspecting companies. Phishing doesn’t come in just the form of emails; you need to be aware that phishing can happen via text and phone calls as well.
Brand recognition is another way cybercriminals entice consumers to click on links, and they gain access to your system through attached malware that asks for ID and password input. We are still in the midst of a pandemic, and cybercriminals could be using brands such as WHO (World Health Organization), CDC (Center for Disease Control), and local health departments to lure consumers. Also, tax season is starting, so phishing emails claiming to be from the IRS will start soon.
Here are some quick tips to help you avoid falling victim to these techniques whether at home or the office:
- Verify the source of the email by checking the “From” field to validate the sender. Phishing emails appear to come from a trusted source, but in reality they are spoofing the “From” address. What does that mean? The name of your contact shows as it always does in the “From” field; however, when you hover over the name or see it in the preview pane of your inbox, the email address associated with the contact is not the actual email address.
- Pay very close attention to the domain name of the websites you visit or that are revealed in embedded links in communications you receive. For example, microsoft.com and www.support.microsoft.software.com are two different domains (and only the first is real).
- Be sure to report all suspicious emails to your information technology support.
- NEVER open email attachments that end with: .exe, .scr, .bat, .com or other executable files you do not recognize.
- Beware of “unsubscribe” – cybercriminals are using this to gain access as well. It is easier to delete the e-mail than to risk security breaches.
- NEVER click embedded links in messages without hovering your mouse over them first to check the URL and verify the domain is safe/secure.
- Do not respond or reply to spam in any way. Delete the message and then delete it again from your deleted folder.
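For IT support staff who receive reported messages, three of the tips above (sender address, link domain, executable attachments) can be checked automatically. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the contact table, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

RISKY_EXT = (".exe", ".scr", ".bat", ".com")  # extensions named in the tips
TRUSTED = {"microsoft.com"}  # assumption: domains your organization trusts

def host_is_trusted(host, trusted=TRUSTED):
    # Trusted only if the host IS the domain or a subdomain of it; a trusted
    # name appearing in the middle of the host does not count.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def review(raw, contacts):
    """Return warnings for one raw message; contacts maps name -> real address."""
    msg = message_from_string(raw)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = contacts.get(name.lower())
    if expected and addr.lower() != expected:
        warnings.append(f"display name {name!r} uses unexpected address {addr}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            warnings.append(f"executable attachment {fname}")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s<>\"']+", body):
                host = urlsplit(url).hostname or ""
                if not host_is_trusted(host):
                    warnings.append(f"link to untrusted host {host}")
    return warnings

def sample_message():
    # Constructed sample: spoofed display name, look-alike link, .exe attachment.
    m = EmailMessage()
    m["From"] = "Pat Example <pat@mail-example.invalid>"
    m["Subject"] = "Account notice"
    m.set_content("Sign in: http://www.support.microsoft.software.com/login\n"
                  "Help: https://support.microsoft.com/help\n")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    for w in review(sample_message(), {"pat example": "pat@example.org"}):
        print("WARNING:", w)
```

The suffix match is a simplification: it treats any subdomain of a trusted domain as trusted and does not consult the Public Suffix List.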
OIA is dedicated to providing you with risk management solutions to protect your agency. If you have any questions or concerns, you can reach Judy Sivy at firstname.lastname@example.org or 614-552-3048.