The personal data we commonly share over the internet is extremely valuable for people looking to exploit it.
“Phishing” attacks are perpetrated through fraudulent websites and fake emails that are made to look legitimate, in an attempt to steal personal data or infect your computer. Attacks are typically camouflaged, making them extremely difficult to detect.
The Two Types of Phishing
Many of these types of attacks don’t have a specific nickname; they can be classified simply as phishing. Like a fisherman leaving his bait in the water, most phishing scams wait for an unsuspecting victim to willingly – and blindly – walk into an attack. These usually take the form of emails from credible sources, like Facebook or a trusted bank, which tell readers to click a link to fix a problem (an unexpected withdrawal from a checking account, for example). When a user clicks the link, it redirects to a fraudulent webpage that looks exactly like the webpage from the trusted source. As a user enters any usernames and passwords, the fraudulent webpage will track keystrokes, apply the user’s information to the real webpage, and allow the attackers to sort freely through the user’s unprotected data.
There’s another type of phishing, however, called “spear phishing.” This targets specific audiences for attacks. For example, a spear phishing campaign might target a business in order to gain access to certain customer data. Once it has customer names and emails, it can send authentic-looking emails to these customers, posing as the web presence of the company it attacked.
The retail and service sector suffered more than 43% of all phishing attacks in the third quarter of 2016. The financial sector was in a distant second, at 21%, but industries such as internet service providers, payment services, multimedia, social networking and government were all notable targets. That led to an average of 200,000 new malware samples per day. China was, by a comfortable margin, the country with the worst malware infection rate with almost one half of all computers infected.
Awareness is always the best defense, but here are five tips that help protect your computer moving forward.
- Treat your personal information like money. You wouldn’t hand money over via email, no matter how credible the person asking was. Start thinking the same way about your personal information.
- Be suspicious of what you click. If you aren’t 100% sure of a link’s authenticity, do not click it. This includes attachments. If an email advises you to “click here to log into Facebook,” open a new window, type in Facebook’s URL yourself, and ignore the clickable link entirely.
- Secure all your devices. It’s not just computers. Cell phones, gaming consoles, baby monitors, anything that can connect to the web – make sure they’re all up to date with the latest software versions.
- Strengthen your passwords. These days, it’s wise to use a different password for every single account under your name. That way, if you do fall victim to a phisher, they won’t have access to every account that shares the password you’ve lost. In order to manage all the passwords for each of your accounts, consider using a password manager like 1Password or LastPass.
- Be careful with Wi-Fi Hotspots. Hotspots in lobbies or restaurants will never be as secure as your home network. Use them with extreme caution. If you log into a fraudulent hotspot, you’ll be able to surf the internet, but all information you input will be recorded.
These days, with online college and job applications, company intranets, home offices, and public Wi-Fi networking locations, it’s almost impossible to keep your personal data off the internet. But that’s OK, so long as you protect it.
After all, you shouldn’t be afraid to have an online identity. You should, however, be afraid to lose it.