Security 101 08-23-2021

10 Tips to Avoid Phishing Scams

DigiCert

Last updated: August 2021

Have you noticed more spam mail this year? You’re not alone. In 2020, spam emails averaged just over 50% of all global email traffic. Furthermore, PhishLabs identified a 47% increase in phishing attempts from 2020 to 2021.

They’ve become all too commonplace: those pesky emails that flood your inbox, designed only to siphon your personal and most sensitive information without you knowing. Some are easier to detect than others; if you get an email from a Nigerian prince looking for a place to store his fortune, for example, it’s probably best to delete it. Unfortunately, these “Nigerian” scammers were still a major threat in 2020, especially with content related to the pandemic.

But others are craftier, better designed and harder to detect. These digital scam artists have become quite adept at making fraudulent emails look exactly like legitimate ones, often from businesses or establishments with which you are familiar and which you trust. Phishing emails commonly impersonate businesses like PayPal, Apple and banks to steal personal information such as account login credentials. But according to the PhishLabs report, social media accounts are also a trending target, as many users are more careless about securing them. It’s not just emails either.

So what can you do to avoid becoming a victim? There are steps you can take to minimize your risk. By following these 10 tips you'll be well on your way to becoming a phishing scam defense expert.

What is phishing?

Phishing is defined as leveraging or exploiting the design of web pages, text messages, social media direct messages and emails in a social engineering attack that tricks the user into thinking they are in a legitimate and secure web session with a trusted site or individual. Often phishing emails will contain links to these phishing sites, which appear to be real. In reality, the phishing site is designed to install malicious software or acquire personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers and passwords. This information is then used by the phisher for identity theft, to steal money or for other fraudulent purposes.

Who is the target of phishing?

Phishers will go after anyone, but they tend to target CEOs and CFOs, legal firms, human resources and financial institutions. Additionally, in recent years online stores and social networks have seen an increase in attacks. These groups hold client data and sensitive information that attackers aim for, and they need to be on high alert to protect themselves from phishing scams.

How to protect yourself from phishing

So what can you do to avoid becoming a victim of phishing? There are steps you can take to minimize your risk. By following these 10 tips, you’ll be well on your way to becoming a phishing scam defense expert.

  1. Instead of clicking on a link in an email, open a new browser page and type in the address/URL for the site that you intended to visit. Sometimes a fraudulent link will be very similar to a trusted one, just changing a few imperceptible letters.
  2. Upgrade both your operating system and browser software. The latest versions of most browsers come equipped with anti-phishing filters. As attackers devise new attacks, software updates improve your filters.
  3. It’s a good idea to block pop-ups when browsing the internet. You can find your way around the web without the help of unsolicited directions.
  4. Never input personal information into pop-up windows unless you are completely confident they are from the intended site.
  5. For day-to-day computer use, use a standard user account instead of an administrator account. Switch over to the administrator account only when administrator functions are necessary. This protects your computer by reducing access to critical administrative functions.
  6. Delete and do not open suspicious email messages. It may be tempting, and sometimes the subject line can be catchy or so generic that you want to learn more — but avoid the temptation and simply delete it.
  7. Only accept trusted certificates on webpages. Do not ignore browser warnings. Sometimes we receive so many warnings from our computer or browser it’s almost like the boy who cried wolf. Don’t simply dismiss warnings you think you’ve seen without reading them thoroughly and considering the implications.
  8. Do not click on links that will take you to an unfamiliar site or IP address.
  9. Look out for any “Not secure” warnings from the browser. For instance, Chrome displays a warning triangle with “Not secure” in the address bar if a site does not have the HTTPS security protocol enabled. Enable malware protection. This can usually detect and deter most threats without you needing to do a thing.
  10. In general, if you receive a phishing email do not open it, do not click on any links or attachments and delete it immediately. If you keep receiving suspicious emails, report them to the Anti-Phishing Working Group (APWG).
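Tip 1 warns that a fraudulent link can differ from a trusted one by a few imperceptible letters. The following is an added example (not DigiCert's code) of a defensive check that extracts the hostname from a link and flags it when it is not a trusted domain but becomes one after undoing common character substitutions, sits within one edit of one, or uses a trusted name as a subdomain of something else. The trusted list, substitution table and sample URLs are constructed for illustration.

```python
"""Lookalike-domain check for links in a message (added example)."""
from urllib.parse import urlsplit

# Constructed list of domains the reader trusts.
TRUSTED = {"paypal.com", "apple.com", "digicert.com"}

# Constructed table of characters commonly swapped for look-alikes.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def hostname(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def normalize(host: str) -> str:
    """Undo the substitutions in HOMOGLYPHS so 'paypa1' reads as 'paypal'."""
    for fake, real in HOMOGLYPHS.items():
        host = host.replace(fake, real)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels; a simplification of the public-suffix rules."""
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'no-host' for a link."""
    host = hostname(url)
    if not host:
        return "no-host"
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    if normalize(reg) in TRUSTED or any(edit_distance(reg, t) <= 1 for t in TRUSTED):
        return "lookalike"
    if any(host.startswith(t + ".") for t in TRUSTED):  # e.g. paypal.com.evil.example
        return "lookalike"
    return "unknown"
```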

How to report phishing

It’s also a best practice to forward phishing emails to reportphishing@apwg.org and to the organization being impersonated, and to report the phishing to ReportFraud.ftc.gov.

How to prevent phishing in your organization

Organizations can protect against phishing by enabling Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an email protocol that dictates email authentication and reporting to help prevent phishing and spoofing.

Once you have enabled DMARC, your organization can apply for a Verified Mark Certificate (VMC) that enables you to put your mark on email marketing and communications. A VMC allows you to render your brand logo in the sender field of email clients so that users know your message has been authenticated. It’s similar to being verified on social media, with the added security benefits of validation and DMARC to protect against phishing.

Organizations can get started on becoming DMARC compliant and acquiring a VMC now.

With remote working here to stay, securing email is relevant for today’s organizations to build trust online. Check out this additional blog post for more tips on securing remote email.

Learn more about phishing scams, the different types of scams out there and how to secure your email.
