Cybercriminals send out phishing emails in vast numbers, often using tools or mailing lists that are readily available on the Dark Web.
Phishing involves criminals sending false messages that give the impression of being from reputable sources. Banks and service providers, such as Dropbox and PayPal, are among their favourites. The hacker designs the bogus email to tempt the recipient into clicking a link or providing login details.
How to spot a phishing scam email
Many cybercriminals who send phishing emails are intelligent and resourceful tricksters, always innovating. Nevertheless, most scam emails display one or more of these features:
- Spelling mistakes.
- Requesting login details, payment, or other sensitive information.
- Use of unofficial or inconsistent links.
- Persuasive requests for urgent action, e.g., trying to rush the recipient into cutting corners on cybersecurity.
Often, the sender’s email address is the main giveaway, and someone with the right training could flag it. Find out more about spotting phishing emails in this article.
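Several of the features listed above can be checked mechanically. The Python sketch below is an added example, not code from the original article: it flags a mismatched sender address, urgent wording, requests for sensitive information and links whose visible text names a different domain than the real target. The brand map, word lists, indicator names and sample message are all assumptions made for illustration, and spelling mistakes are not checked.

```python
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand-to-domain map and word lists: illustrative, not exhaustive.
BRANDS = {"PayPal": "paypal.com", "Dropbox": "dropbox.com"}
KEYWORDS = {"urgency": re.compile(r"\b(urgent|immediately|act now|suspended)\b", re.I),
            "asks-for-sensitive-info": re.compile(r"\b(password|login details|card number)\b", re.I)}
# Constructed sample message, not a real email.
SAMPLE = """From: "PayPal Support" <support@paypa1-secure.example>

<p>Your account is suspended. Act now and confirm your password at
<a href="http://login.paypa1-secure.example/verify">www.paypal.com/verify</a></p>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(host, domain):  # host equals domain or is a subdomain; leading www. ignored
    return ("." + host.lower()).endswith("." + domain.lower().removeprefix("www."))

def phishing_indicators(raw_email, brands=BRANDS):
    """Return the names of the indicators found in one raw message."""
    msg = email.message_from_string(raw_email)
    body = msg.get_payload()
    found = {name for name, rx in KEYWORDS.items() if rx.search(body)}
    display, addr = email.utils.parseaddr(msg.get("From", ""))
    for brand, domain in brands.items():  # display name claims a brand, address is elsewhere
        if brand.lower() in display.lower() and not same_site(addr.rpartition("@")[2], domain):
            found.add("sender-mismatch")
    links = LinkCollector()
    links.feed(body)
    for href, text in links.links:  # text shows one domain, href points to another
        shown = re.search(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", text, re.I)
        if shown and not same_site(urlparse(href).hostname or "", shown.group(1)):
            found.add("inconsistent-link")
    return found
```

Calling `phishing_indicators(SAMPLE)` returns all four indicator names for the constructed message. A real mail filter would treat these as signals to weigh, not as a verdict.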
92.4 per cent of malware is delivered by email
When someone in your business clicks a phishing link, it downloads malicious tools that can compromise your cybersecurity. This could involve destroying essential company files or holding your data hostage until you pay a ransom.
Malware often lies dormant in your system for an extended period. Some companies remain unaware that their IT has been compromised for up to 400 days after that fatal mouse click.
Your passwords are at risk
A phishing email may also deceive the recipient into logging on to a fake website, giving the cybercriminals access to confidential information, such as bank accounts and credit card numbers. Businesses throughout the world lose vast sums of money this way.
Then the problem escalates. Once cybercriminals have acquired passwords, they sell them on. More than 80 per cent of data breaches leverage stolen passwords obtained on the Dark Web — providing a “way in” for attacks.