As your local insurance and risk management professionals, we’re always on the lookout for emerging threats that might impact you and your family. So, we definitely want to alert you to an uptick in the number of cybercrime events that our clients are reporting to us and their insurance companies. These cyber incidents have run the gamut from criminals hacking into and taking over email conversations to bad actors deceiving an individual into buying and sending gift cards. But by far the most common cyberattacks involve some form of phishing scam.
We’re not the only ones taking note of this alarming trend. The Federal Bureau of Investigation (FBI) reports that phishing is No. 1 in its list of the “Top Five Internet Crime Types.” In fact, over the past five years, phishing has reigned supreme over all other types of cybercrimes, with more than five times the number of complaints filed as the list’s runner-up, a personal data breach.
Despite phishing’s increasing prevalence in the digital world, there are ways you may be able to recognize phishing before it hooks you. The Fred C. Church team has insights and tips to share that may help protect you and your family from this popular method of cyberattack.
How Do Phishing Attacks Work?
When a cybercriminal perpetrates a phishing attack, they try to lure you in with a seemingly legitimate message, typically via email, text, or social media post, by making it look like it’s from a person or organization you know and trust.
Hackers are usually trying to get you to click on a harmful link that could compromise your computer, expose personal information, or lead to unauthorized financial transactions.
While phishing may sound like a complex cybercrime to commit, it is actually one of the most turnkey hacks for bad actors to execute. So simple, in fact, that it’s estimated cybercriminals are collectively sending out three billion phishing emails per day. The odds are extremely high that a phishing scam is going to hit your inbox, pop up as a text message on your phone, or show up in your DMs soon—if it’s not already waiting for you there right now.
What Are Some Examples of Phishing Scams?
As easy as this crime is to commit, identifying a phishing scam can be difficult. Hackers today are savvy. Many take time before they attack to research their targets and their vulnerabilities in order to determine what type of phishing scheme might work best to trick and trap someone. In addition, just when cybersecurity experts think they’ve got a handle on the latest phishing method, cybercriminals will catch on and alter it.
But while phishing attacks are constantly evolving, it is still beneficial to be aware of some of the most common scams floating out there, including these five:
- Invoice Phishing Scam: You get an email stating that you have an outstanding invoice from a known vendor or company and providing you with a link to access and pay your bill. Instead, the criminal is primed to steal your personal information and funds.
- Payment/Delivery Phishing Scam: You receive a request to provide an updated credit card number or other personal information from a vendor or supplier you’ve used in the past so that an order can be fulfilled.
- IRS Phishing Scam: You get an urgent email indicating that you owe money to the Internal Revenue Service (IRS). The email is laden with threats that the government will take legal action against you if you don’t follow the link provided and pay your tax debt immediately. (Please note the IRS states they will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information.)
- Downloads Phishing Scam: You receive an email asking you to open or download an attached document. However, if you follow through, the message in the attachment directs you to sign in to another site, such as an email or file-sharing website, to open another document. The attacker hopes that you will log in to the site so they will not only get your credentials but also access more personal information.
- Quishing (or QR Code Phishing) Scam: You get an email or social media message with an embedded QR code and are urged to scan it to access something enticing, like a cash prize. Instead, by scanning the code, you either end up on a fraudulent website, where attackers grab your sensitive information, or download ransomware or other programs that lock you out of your data and device.
How Can You Avoid Falling Hook, Line, and Sinker for a Phishing Scam?
The five types of phishing attacks we’ve discussed certainly do not reflect the breadth of scams that are currently lurking out there in cyberspace—or could surface in the future. However, there are several insights to be gained from understanding how these trending scams work. Here are some tips that may help better protect you, your devices, and data from a phisher:
- Before clicking a link or sharing any personal information online, always look up the website or phone number provided in a text or email to make sure it is actually connected with a real company or person.
- Call and confirm with the individual or vendor requesting personal information from you that they really do need these details—but make sure to use a number you know is correct rather than the one included in the email or text.
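- Check that a website’s connection is secure by looking for a lock icon or an address that begins with “https://”. Keep in mind that this shows only that the connection is encrypted, not that the site is genuine, so use it together with the other checks in this list.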
- Use complex and unique passwords for all accounts, and, wherever possible, implement multifactor and/or biometric authentication (e.g., log in with your fingerprint or facial features).
- Keep up to date with all security patches and updates for your devices and regularly perform data backups to an external storage drive or to the cloud.
Despite your best defensive efforts, you could still become a phishing victim. However, there are ways the Fred C. Church team may be able to help you lessen the related financial and reputational consequences of an attack.
We would be glad to share the advantages of adding personal cyber risk management solutions, like Personal Cyber Insurance and an Identity Fraud Expense Coverage endorsement, to your insurance plan. These highly cost-effective home insurance options typically assist you in finding and paying for resources to aid in your recovery from phishing schemes and other cyberattacks.
Please contact us for more information about these coverages or our other personal insurance solutions designed to better protect you, your assets, and your loved ones. Our knowledgeable insurance professionals are always just a phone call away.
Sources:
- https://learn.microsoft.com/en-us/defender-endpoint/malware/phishing-trends
- https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
- https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2021.563060/full
- https://www.cloudflare.com/learning/security/what-is-quishing/
- https://www.irs.gov/privacy-disclosure/report-phishing