Many online businesses would be ecstatic if their email promotions yielded a 1-percent response rate that translated to a purchase. Phishing does even better. Much better. Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.
Pure trickery in the form of email. Those of us who receive plenty of email spam also receive a healthy dose of phishing attempts in various forms.
Phishing scams aim to trick staff into handing over data — normally usernames and passwords — by posing as legitimate email. It’s a technique used by the lowliest criminals as part of ransomware campaigns, right up to state-backed hackers because it continues to be such an effective method.
Effective indeed. Ranger outlines the dangers and the results of such phishing.
Almost a quarter of users clicked the link to be taken through to a fake login screen, with more than half going on to provide a username and password, and four out of five then going on to download a file.
A spoof email claiming to be from the HR department referring to the appraisal system was also very effective: nearly one in five clicked the link, and three-quarters provided more credentials, with a similar percentage going on to download a file.
The past week we’ve received multiple phone calls from a voice claiming to be from the I.R.S. (Internal Revenue Service) informing us of an investigation and an imminent lawsuit. Each gave a callback phone number. Each was a scam in progress. How many people who receive such calls actually fall for the scam? Too many.
For me, installing SpamSieve to capture and segregate incoming email spam helps, partly because I’ve been on the public internet for a few decades, have plenty of old email addresses, and they’re on far too many spam lists, so I can receive many hundreds of such messages, including phishing attempts, every day.
Since we cannot stop email spam and phishing attempts at the source, it’s important to stop them before they reach your email inbox. For most Mac, iPhone, and iPad users, that’s Apple’s own email app, Mail.
Mail on the Mac has a somewhat anemic Junk Mail filter which does not compare favorably to SpamSieve, but SpamSieve can help with Mail on iPhone and iPad, which do not have an email spam filter. By running SpamSieve on a Mac and filtering out email spam before it reaches the Mac’s Mail inbox, the spam also never reaches the Mail app for iPhone and iPad. Of course, this assumes you’re using IMAP email, but if you’re not, you should.
Ranger highlighted statistics from MWR Infosecurity’s research on phishing tests. The results are stunning, and they explain exactly why we get so much email spam and why phishing attempts need to be blocked before email reaches the inbox. People are too trusting and too susceptible to taking part in sophisticated scams.