I’m sure you have all received that one email. It appears to be from Apple, FedEx/UPS, the IRS, American Airlines or another company you are familiar with. It includes a few links or an attachment and instructs you to click on the links or attachment to update account information. They look legit, right? Have you ever clicked on the link or opened the attachment? This is known as a phishing attack. It’s when cyber-criminals use fraudulent emails to steal sensitive information from random targets. Over 90% of all cyber-attacks start with a phishing attempt.
Spear phishing is a targeted attempt to steal sensitive information. Nearly 93% of spear phishing email attempts on corporations contain malware or ransomware. I’ve witnessed ransomware firsthand and watched it spread through a network, encrypting files as it went. It’s dangerous stuff. If you don’t have a backup of your data, you run the risk of losing it. In 2017, global damages exceeded $5 billion, and by 2019 they are predicted to exceed $11.9 billion. One in five companies also never received their files after paying the ransom. I can’t stress enough how important it is to always back up your data, but more importantly, NEVER fall prey and click on the link or attachment. Doing so opens the door to downtime and loss of data.
So how do you identify a phishing attempt? Look for the clues. Is the punctuation off? Is the sender’s email address incorrect? Is the email signature incorrect? Did your email provider mark it as spam or a phishing attempt? Hackers are always one step ahead, and spoofing an email address is all too easy nowadays. The first thing I would suggest is to carefully examine the sender’s email address. If the email “came” from UPS but the sender’s address is imgoingtogetyourinfo@ups.clickthislink.us.com, it isn’t from UPS. UPS, or any other known vendor or brand, typically uses its name as the domain in its email addresses, e.g. @ups.com, @fedex.com, @apple.com and so on. If it’s a targeted attempt, the email address may look correct, but the punctuation will be off or something else about the email will be incorrect. If you are ever unsure, you are welcome to forward the email to me so I can take a look.
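The sender-address check described above can also be automated. The following Python code is an added example, not part of the original post; the brand-to-domain list, the result labels and the sample headers in the comments are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list (constructed for this example): brand -> real sending domains.
BRAND_DOMAINS = {
    "ups": {"ups.com"},
    "fedex": {"fedex.com"},
    "apple": {"apple.com"},
}


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def belongs_to(domain, trusted):
    """True if domain is one of the trusted domains or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_sender(from_header):
    """Classify a From header.

    'domain-matches' only means the address uses the brand's own domain.
    It does not prove the mail is genuine, because addresses can be spoofed.
    """
    display, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "malformed"
    labels = set(domain.split("."))
    words = display.lower().split()
    for brand, trusted in BRAND_DOMAINS.items():
        # The brand is "claimed" if it appears in the display name or as a
        # label anywhere in the domain, e.g. ups.clickthislink.us.com.
        if brand in labels or brand in words:
            return "domain-matches" if belongs_to(domain, trusted) else "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, including the address quoted in the post.
    for header in ("imgoingtogetyourinfo@ups.clickthislink.us.com",
                   '"UPS Delivery" <notice@example.net>',
                   "UPS Tracking <pkginfo@mail.ups.com>"):
        print(f"{check_sender(header):15} {header}")
```

A "lookalike" result is a reason to report the message; a "domain-matches" result still calls for the other checks in this post.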
Here are a few more stats I read recently in the book ‘Hacked Again’ by Scott Schober. They are a few years old but interesting nonetheless.