Google recently released a new study that it did in conjunction with researchers at Stanford University in which it studied more than a billion malicious emails targeting gmail users. The study has a number of interesting points that can help us all protect ourselves from phishing and spear phishing emails. Phishing and the more specifically tailored and targeted spear phishing emails are the primary way that malware is delivered, data breaches are accomplished and many scams originate. These legitimate appearing phishing and spear phishing emails most commonly lure victims into either providing personal information that is used to make you a victim of identity theft or to click on links infected with malware such as ransomware or keystroke logging malware that can enable the hacker to go through your computer or phone for information that can be used to make you a victim of identity theft.
The study found how massive the threat of phishing and spear phishing emails are with the number of phishing emails totalling more than a hundred million each day. During the pandemic, at its peak, the number of phishing and spear phishing emails related to the Coronavirus pandemic reached as high as 18 million in a single day.
The study also found the United States was the country most targeted by phishing and spear phishing emails, followed by the United Kingdom and Japan although Australians are actually twice as likely to be targeted by a phishing or spear phishing attack than people in the United States when you consider their relative population size. According to the study, people between the ages of 55 and 64 are 1.64 times more likely to be targeted by these attacks than people between the ages of 18 and 24. Most significantly, the study found that if your personal information was compromised in a data breach, your are five times more likely to be targeted by a phishing or spear phishing attack and with data breaches reaching record levels during the Coronavirus pandemic, this is bad news for many people.
So what can you do to protect yourself?
First and foremost you should remember my motto, “trust me, you can’t trust anyone.” Whenever you get an email requesting personal information or asking you to click on a link, you should be skeptical. You can never be sure who is actually contacting you. The first thing you should do is check the email address of the sender. Often phishing and spear phishing emails are sent in large number by criminals using botnets which are networks of hacked and infected computers used by cybercriminals to send out phishing emails in a manner that cannot readily be traced back to them. However, if you get a phishing email that appears to come from Netflix for example and the email address of the sender is that of a individual person, you can be confident that the email is a phishing email and you should ignore it and delete it.
Even if the email address of the sender appears to be legitimate, sophisticated cybercriminals can make the email address appear to be that of a legitimate source. Still you shouldn’t trust it, but rather should absolutely confirm any email that asks for personal information or for you to click on a link that it is legitimate.
You should also use strong security software on all of your electronic devices including your phone and computer, however, you should not rely on these to be foolproof. Never underestimate the power of a fool or a cybercriminal. Even if you keep your security software updated with the latest security patches as soon as they are made available (which is very important to do), the latest versions of malware are always at least a month ahead of the security software companies.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/