Perhaps hundreds of emails cross your screen every day. The day can drag on and in the monotony of your daily routine, you just keep clicking on links without a care in the world.
OK, maybe things aren't that bad, but those phishing scams are tricky and it takes ever-vigilant users and security departments to keep them from spreading. Recently, Diligent, a vendor that provides secure collaboration for corporate boards, rolled out a test to 2,000 users to see how much attention they were paying to what enters their inbox.
An estimated 156 million phishing emails are sent worldwide every day, and about 16 million of those make it through our spam filters and into our inboxes. The global nonprofit Anti-Phishing Working Group (APWG) recorded more unique phishing campaigns in the first quarter of 2016 than in any other three-month span since it began tracking data more than a decade ago, and the U.S. is reportedly home to more phishing sites than any other country, according to Diligent.
Diligent found that there has been a nearly tenfold increase in phishing in just five years, with a particularly alarming jump from about 99,000 documented campaigns in January 2016 to over 229,000 in March 2016 - just three months.
The users in this study were duped the most by emails that came from what appeared to be someone they knew.
Often, these emails will tell you that you've won a prize, that a friend is stranded abroad, that there's a problem with your account, or that you just need to update your credit card or password information. Those who took the survey were not fooled by someone saying they won a prize or a trip. You know the saying, "If it is too good to be true, it probably is."
More than 50 percent of survey respondents said they've had an unauthorized charge on their credit cards, 33 percent said their email accounts had been hacked, and 24 percent reported having their social media accounts hijacked.
Gotchas to look out for
Diligent created this list of common things to watch out for in phishing schemes.
Warning signs:
- Spelling or grammatical mistakes
- Sender or transaction doesn't look familiar
- Asks for personal information
- Seems too good to be true
- Language is urgent or threatening
- Address or URL is suspicious
- Requests money or donations
- Message is vague
The big red flag for users was an email that did not address them by name. Spelling and grammatical errors were also key indicators that the email was actually a phishing scam. Emails purporting to be from the IRS were also ineffective, since users generally have gotten the message that the IRS will never contact you by email, although there have been incidents where users sent Apple iTunes gift cards after being told that would help their case.