Phishing Awareness Training


Introduction to Phishing as a scam

In 2021, over 80% of cyber attacks were of the phishing type, making phishing the most common scam technique.

Google has discovered 21% more phishing websites than in 2020, for a total of 2,000,000 websites aimed at stealing your sensitive data!

Description and consequences of Phishing scams

Phishing is a strategy related to email messages. Have you ever received emails telling you that you received an inheritance from an unknown relative, or notifying you of a password update that you never requested? These are some of the most common examples of phishing!

These types of scam aim at fraudulently acquiring private and confidential information from intended targets by sending scam emails, some of which cleverly get through spam filters. 

Attackers mislead victims to obtain sensitive and confidential information. These scams involve fake websites, emails, ads, anti-virus, scareware, fake PayPal or payment processing websites, awards, free offers, and many others.

 

All phishing emails contain an attachment or link (otherwise known as a call to action or CTA). 

An attachment may contain a virus such as a trojan or ransomware. 

Clicking a seemingly honest link may land you on a page that looks familiar, such as PayPal, and that often requires you to enter a username and password. These credentials can be captured from what you think is a legitimate website that you log into regularly, and then used against you.

Why we fall for Phishing scams

We tend to open this type of email because it generates a sense of anxiety and fear in us: we are afraid of losing large sums of money, or of losing access to our financial or social accounts.

Prevention (how to not fall for Phishing scams)

Detection

How can you detect this type of email?

  1. The subject generally concerns: orders, invoices, shipments, social accounts, taxes and income, help messages, legal issues, inheritance and gifts, prize wins.
  2. In addition, the prefix "re" or "fwd" is often inserted in the subject, which implies that it is a response to your request message or a forwarded email.
  3. The message is often, but not always, poorly written, with grammatical and/or spelling errors.
  4. The logo often looks strange: for example, a known brand reproduced in low resolution or badly formatted.
  5. The URL of the link does not match the brand you expect: the link does not refer to the brand written in the email.
  6. The sender email domain typically does not match the brand in the subject or content.
  7. If in doubt about the sender of the email, directly contact the organization that presumably sent you the message, instead of clicking the link or opening the attachment of the email.
  8. Pay more attention to the formatting of the email to check for unusual grammatical errors, grainy logos, or fake links.
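
Signs 1, 2, 5 and 6 above can also be checked mechanically. The following Python code is an added example, not part of the original training material. The brand allow-list, the keyword list, the sample message, and the rule that a reply prefix without In-Reply-To or References headers is suspicious are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list (constructed): brand -> domains it really uses.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
LURE_WORDS = ("invoice", "order", "shipment", "tax", "prize", "account")  # sign 1

# Constructed sample message; .example domains are reserved for documentation.
SAMPLE = """\
From: PayPal Support <service@paypa1-support.example>
Subject: Re: Your PayPal account has been limited

Please confirm your password at
http://paypal.com.account-check.example/login within 24 hours.
"""

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signs(raw):
    """Return the warning signs found in a raw, single-part text email."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), msg.get_payload()
    text = (subject + " " + body).lower()
    signs = []
    if any(w in subject.lower() for w in LURE_WORDS):            # sign 1
        signs.append("lure-subject")
    # Sign 2: reply/forward prefix, but no headers tying it to a real thread.
    if re.match(r"\s*(re|fwd?)\s*:", subject, re.I) and not (
            msg.get("In-Reply-To") or msg.get("References")):
        signs.append("reply-prefix-without-thread")
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
        if not under(sender, domains):                           # sign 6
            signs.append("sender-domain-mismatch")
        urls = re.findall(r"https?://[^\s\"'<>]+", body)
        # Suffix match, not substring: "paypal.com.x.example" is not PayPal.
        if any(not under(urlparse(u).hostname, domains) for u in urls):  # sign 5
            signs.append("link-domain-mismatch")
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```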

Reaction

What to do if you feel you have fallen for a Phishing type scam?

If, by mistake, you have already clicked on links in the email, do not enter any sensitive data and close the page! Remember: no one will ask you to enter your sensitive data (change of password) unless you expressly requested it or abnormal behavior has been identified on your account.

In case you have fallen victim to phishing, here's how you can mitigate its effects:

  1. Run a full scan of your device
  2. Speak with the company you assumed the email came from, such as your bank, and explain that you may have accidentally fallen for a Phishing scam
  3. Change any passwords you use online
  4. Back up all your files

Conclusion

You are now better prepared to recognize this type of attack! Don't get anxious when you receive an urgent email!


