
Phishing: The Ultimate Buzzkill (and No Prince or Princesses In Nigeria)

In this article I’ll try not to get too far into the weeds or leave you reeling from data overload. Although this topic is often discussed, unfortunately it bears repeating.

In an era of rapid technological advancement, our interconnected world has brought unparalleled convenience and efficiency to our fingertips. However, this convenience has come at a cost: the proliferation of cyber-attacks that threaten the very fabric of our digital lives. While the topic of cyber-attacks is often discussed, its significance cannot be overstated. As an IT Administrator and Web Developer with over three decades of experience, I’ve witnessed an array of attacks – from the infamous Nigerian email scams to the sophisticated DDOS, SQL Injection, and Zero-day assaults. This article aims to shed light on the evolving landscape of cyber-attacks, the tactics employed by cyber criminals, and proactive measures to detect and neutralize potential threats.

The Shapeshifting Threat Landscape

As technology advances, so do the tactics of cyber criminals. Over the last 30-plus years, our growing reliance on email, texting and messaging apps has enhanced our ability to communicate instantly and effectively, but that convenience has also given us a false sense of security. As useful and helpful as these mediums are, they’ve also created an avenue for criminals to capitalize on.

While some methods have grown more sophisticated, email scams and phishing attempts remain go-to strategies for cyber criminals. Symantec’s 2020 report reveals that email accounted for a staggering 92% nationally and 96% of all phishing attacks on a global scale. Malicious websites and phone-based attacks constituted the remaining 3% and 1%, respectively.

The Persistence of Email Scams and Phishing Attacks

Email scams have taken various forms over the years, from the infamous Nigerian prince requesting funds to promises of unrealistically high returns on investments. Phishing attacks, on the other hand, involve luring victims into divulging sensitive information such as passwords, credit card details, or personal identification through seemingly legitimate communication channels. These methods may sound elementary, but they remain effective due to the psychology of trust and urgency they exploit. Cyber criminals meticulously craft emails that mimic trusted sources or evoke fear, pushing recipients to click on malicious links or download infected attachments. As technology improves, so does the camouflage – these emails often appear legitimate even to the trained eye.

Armed with Sophistication: DDOS, SQL Injection, and Zero-day Attacks

While email scams still reign supreme as the preferred threat vector for cyber criminals, more sophisticated strategies are often employed. Distributed Denial of Service (DDOS) attacks flood websites with a barrage of traffic, overwhelming their servers and rendering them inaccessible. SQL Injection exploits vulnerabilities in web applications to gain unauthorized access to databases, potentially exposing sensitive data. Zero-day attacks target unpatched vulnerabilities in software, exploiting the gap between the discovery of the vulnerability and the release of a fix. These methods are increasingly intricate and capable of inflicting severe damage on individuals, businesses, and institutions.

Cybercrime is a major global threat, with billions of dollars lost each year to a wide range of cyber attacks, including phishing, ransomware, and data breaches. Governments and organizations around the world are investing in cybersecurity measures to protect themselves and their users from these growing threats, and this is not an easy or cheap task to undertake.

According to a report by the FBI’s Internet Crime Complaint Center (IC3), there were over 800,000 reported phishing attacks, with financial losses of over $10 billion in 2022 alone.

So how do phishing and hacking networks operate? Phishing attacks typically involve the use of fraudulent emails or websites that are designed to look like legitimate ones in order to trick individuals into providing sensitive information such as usernames, passwords, credit card numbers, or other personal details. These attacks can take many different forms, including:

Spear phishing: A more targeted form of phishing that involves personalized messages designed to look like they are coming from a trusted source.

Spoofing: Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender’s; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked.

Whaling: A form of phishing that targets high-level executives or other important individuals within an organization. 

Vishing: A type of phishing attack that uses voice or phone calls to trick individuals into providing personal information. 

Smishing: A type of phishing attack that uses SMS or text messages to trick individuals into providing personal information. 

Phishing attacks are often carried out by organized criminal networks that use sophisticated tools and techniques to create convincing fake emails and websites. These networks may also use social engineering tactics to gather information about potential victims, such as their interests, job titles, and personal relationships, in order to make their attacks more convincing. 

It’s difficult to estimate the exact number of people affected by phishing and hacking scams, as many attacks go unreported or undetected. However, studies suggest that phishing is one of the most common forms of cybercrime, with millions of individuals falling victim to these attacks every year.

A 2021 study by Proofpoint found that 75% of organizations around the world experienced a phishing attack in 2020. 

In a survey conducted by Google in 2019, it was found that around 1.5% of all phishing emails successfully tricked users into providing sensitive information. 

A 2020 report by Symantec found that individuals aged 20-29 were most likely to fall for phishing attacks, with a click rate of 35%, compared to a click rate of just 13% for individuals over the age of 60.

Who’s Targeted More Often?

That’s a tough question to answer, as there isn’t a lot of available data on this topic specifically related to phishing and hacking scams. However, studies have shown that women are more likely to fall victim to certain types of online scams, for example romance or e-commerce scams. With a show of (virtual) hands, who here has seen those sketchy PayPal and Amazon security alert email scams or the infamous prince from Nigeria?

Additionally, men are more likely to be targeted by business email compromise (BEC) scams, which are a type of phishing attack that targets businesses rather than individuals. 

It’s important to note that anyone can fall victim to phishing and hacking scams, regardless of their age or gender. That’s why it’s essential to take steps to protect yourself from these attacks. 

If phishing scams aren’t enough, there are also viruses, ransomware and other types of malware that are just waiting for the chance to replicate themselves and infect and target as many systems as possible.

In 2020, the cybersecurity company SonicWall reported that it had recorded over 9.9 billion malware attacks throughout the year. This included viruses, ransomware, and other types of malware. Another cybersecurity company, McAfee, reported that it had discovered over 500 new threats every minute in the first quarter of 2021. The sheer volume of new viruses and other types of malware makes it difficult for security experts to keep up, and underscores the importance of having up-to-date antivirus software and other security measures in place to protect against these threats.

So Is This the Apocalypse?

Not quite… as bleak and alarming as all this sounds, there are easy ways to help mitigate your risk and keep your data and systems safe. In the case of the various phishing scams, scammers send fraudulent emails, texts or messages via apps like Facebook Messenger or WhatsApp in an attempt to trick people into revealing sensitive information, such as passwords, credit card numbers or bank account information. These scams have become increasingly common, and the people running them have gotten very good at making them seem convincing. A couple of commonly used scams are ones that appear to come from PayPal, Amazon or Netflix, claiming that your account has been compromised and that you need to log in via a link the email provides to fix the issue, in the hopes you’ll provide sensitive non-public information, such as your banking information.

So What Exactly Can You Do? There are a number of things that can help minimize your exposure to these types of scams:

Step 1: Be wary of unsolicited emails. If you receive an email from someone you don’t know or weren’t expecting, be cautious. Especially if it contains an attachment or a link.

Step 2: Check the sender’s email address. If the email seems to be from a legitimate company, check the email address of the sender. Legitimate emails should come from a company’s official email domain, and not from a personal or spoofed email address.

Step 3: Look for spelling and grammar errors. Phishing emails often have spelling and grammar errors, so read the email carefully. If you spot any mistakes or irregularities, it’s likely a phishing scam.

Step 4: Check the URL before clicking. Hover over the link in the email and check the URL. If it looks suspicious or unfamiliar, don’t click on it. For example, let’s say you receive an email from Amazon and it claims they have new items for you to look at. It will likely provide a link with the following text: https://www.amazon.com/gp/new-releases/?ref_=nav_cs_newreleases. If you hover over the link without clicking it, it will reveal where the link is really taking you. If it shows the same URL, or at least one connected to amazon.com, then it’s legit. If instead you see something entirely different, then it’s fake and not worth the risk.

Step 5: Don’t enter personal information. Legitimate companies will never ask you to enter personal information such as passwords, Social Security numbers, or bank account information in an email. If an email asks for this information, it’s a phishing scam.

Step 6: Use anti-phishing software. Install anti-phishing software on your computer or device. This software can help detect and prevent phishing attacks. I’ll list a few at the end of the article.

Step 7: Keep your software up-to-date. Keep your operating system and software up-to-date with the latest security patches and updates. This can help protect you from known security vulnerabilities.

Step 8: Don’t trust urgent or threatening messages. Phishing emails often create a sense of urgency to try and get you to act quickly. Don’t trust emails that threaten to close your account, for example, unless you take immediate action.

Step 9: Use strong passwords. Use strong, unique passwords for all of your online accounts. This can help prevent hackers from gaining access to your accounts and personal information.

Step 10: Report phishing attempts. If you receive a phishing email, report it to your email provider or the company it appears to be from. This can help prevent others from falling victim to the scam.

As promised, here’s a list of 5 of the best personal and enterprise-level cybersecurity solutions.

1. Avanan – Acquired and now owned by the American and Israeli IT and cybersecurity company Check Point, Avanan offers email security protection solutions. It has been a reliable cloud-based email security platform that protects systems from attacks, phishing, malware and other security threats. – avanan.com

2. Cofense Email Security – A US based cybersecurity company that offers a complete suite of end-to-end email security solutions that make it easier to stop threats like ransomware and BEC style attacks. – cofense.com

3. Bitdefender – A Romanian-based cybersecurity company that produces one of the industry’s best antivirus and malware applications. They offer a free home-use version and paid enterprise-level solutions. – bitdefender.com

4. Avast – Headquartered in Prague, the Czech Republic, Avast has a strong reputation and decades’ worth of experience in the antivirus space, and over the years they’ve added a ton of features to their free and fee-based versions. It also happens to be one of my favorite tools to use, both on my systems at home and mobile devices. – Avast.com

5. CrowdStrike – A higher-tier US-based cybersecurity company that specializes in EDR, ransomware prevention, and threat detection and response. – Crowdstrike.com

Remember, email phishing scams are serious business and can lead to identity theft, financial loss, and other problems. But with a little bit of caution and the right tools, you can protect yourself and stay safe online. So stay vigilant, stay up-to-date, and stay safe!

Ray
https://crayvemedia.com
