Day in and day out, your inbox may have phishing emails mingled in with communications from friends or business associates. Perhaps the scam email appears to be from a prospective employer you’ve wanted to meet or from your bank. The phishing deluge seeks to wear us down until we click on the bait without thinking about the risks. Since it only takes one click to become hooked, you should know some of the subject lines that are most successfully used by scammers and be alert for them.
According to KnowBe4, a data security firm that trains employees to avoid this trap, the promise of cash boosts the odds that you will swallow the bait. The promise of money is the first category the firm documented as an effective scam. Other subject lines that earn a high click rate involve the offer of free food (think pizza or cocktails) or the threat of losing something, like your benefits or access to one of your accounts. You may have received an infamous “Confirm your identity or you’ll be locked out” email that includes your bank’s logo but is not from a legitimate source. Another category is the curiosity hook. Someone you don’t know wants to connect on LinkedIn, or you’ve been tagged in a photo that you simply must see.
KnowBe4 experts reviewed millions of test phishing emails showing just how predictable humans can be. For example, the fourth quarter of 2017 showed a surge in “package delivery attempt” phishing emails and an astonishing but understandable 34 percent click rate. Who wouldn’t like a pricey gift delivered at holiday time?
Wonder if certain employers are more prone to phishing attacks? KnowBe4 also developed a list of the top industries targeted. You might be surprised that not-for-profits click on more phishing emails than other large organizations.
Can You Spot the Phish?
This problem isn’t going away, so it’s smart to test your ability to spot phishing emails. The task may be more daunting than you might realize.
There are a number of free testing options offered by online security experts such as OpenDNS. It only takes a minute but could increase your awareness considerably. Another choice is SonicWall’s 20-question test. If you miss a few, study the explanation for each incorrect answer to tune up your phish-finding skills.
Invite your co-workers to join in and compare notes. Working together can help better safeguard against malicious attacks.
Report Phishing Emails and Texts
If you believe you’ve received a phishing email through your work email address, follow your company’s policy on how to respond to the threat.
If you believe that you personally have received a phishing email or text, you can help stop the fraudsters. The Federal Trade Commission (FTC) recommends filing a report at FTC.gov/complaint as well as forwarding the phishing emails to firstname.lastname@example.org and the organization being impersonated in the email if it’s a real company.
Join the global fight against phishing by reporting the phishing email to the Anti-Phishing Working Group (APWG) at email@example.com. This group of ISPs, security vendors, financial institutions, and law enforcement agencies is working to unify the worldwide response to cybercrime.