According to IBM’s 2022 Cost of Data Breach Report, the use of stolen or compromised credentials from phishing scams remains the most common cause of a data breach,
with the average cost of data breaches rising from $2.24m in 2021 to $4.34m in 2022.
Different types of email phishing scams
Phishing was first described in 1987. Since then, it’s evolved as cybercriminals find new ways and new technologies to exploit vulnerabilities and steal private information through emails, text messages, advertisements, fake websites, and other means.
Since the majority of phishing scams are delivered by email, we’re sharing five of the most pervasive email phishing scams below:
- Standard Email Phishing Scams: This most well-known scam is an attempt to steal sensitive information via emails that seem to come from a legitimate organization. They are usually sent out far and wide, without necessarily targeting an individual.
- Malware Phishing Scams: These scams use the same techniques as a standard email phishing scam, encouraging users to click a link or download an attachment to unknowingly install malware.
- Spear Phishing Scams: While standard phishing scams cast a wide net, spear phishing scams tend to be well-researched and are highly targeted at business executives, public figures, celebrities, and other lucrative targets.
- Clone Phishing Scams: In a clone phishing attack, cybercriminals compromise a person’s email account and make changes to an existing email, such as swapping a legitimate link or attachment with a malicious one, before sending it to the person’s contacts.
- BEC (Business Email Compromise): This type of phishing attack involves a phony email being sent from someone who appears to be in, or associated with, a trusted organization, and often, requesting urgent action. This type of email phishing scam was reported to have caused nearly half of all cybercrime-related business losses in 2019.
Tips to spot an email phishing scam
No matter how informed you are, as technology and cybercrime tactics evolve – such as through the use of AI tools like ChatGPT – email phishing scams become increasingly clever and difficult to identify. Here are some tips to spot an email phishing scam:
- Demands for urgent action. Emails tend to demand immediate action with the threat of negative consequence or loss of opportunity. This aims to rush the recipient into action before realizing the email’s flaws or inconsistencies.
- Bad grammar and spelling. The odd typo aside, phishing scam emails are often riddled with bad grammar and spelling mistakes.
- An unfamiliar greeting. Emails sent in phishing scams begin with an unfamiliar salutation or title that’s not normally used in business communication or conversations with colleagues.
- Email addresses, links, and domain name inconsistencies. If a suspicious email appears to come from an organization you know, make sure the email address matches previous emails from the same organization. You can also check if a link in an email is legitimate by hovering the mouse pointer over it.
- Suspicious attachments. Workplace file sharing tends to take place using trusted collaborations tools. Emails with attachments should always be treated with suspicion, particularly if they have an unfamiliar extension, or one commonly associated with malware, such as .zip, .eve, .scr, among others.
Protect your organization
Cyber risks, particularly email phishing scams, pose a real threat to your organization. A primary means of protecting it is to educate employees on how to spot a phishing scam, while instructing them not to open emails, click on links, or download attachments, from untrusted sources, as well as sources that may appear legitimate at first glance, but ultimately aren’t.
Given the rapid evolution of cybercrimes and technology, it’s necessary to take steps to prevent your domain from being used by cybercriminals in email phishing scams and other attacks.
An important step is to ensure compliance with DMARC, a global cyber security standard, that’s designed to stop cybercriminals from impersonating your organizations email addresses.
For other detailed suggestions on how to protect yourself and your organization from cybercrime threats, including email phishing scams, read our blog post on email security best practices in 2023 – protect your business and your bottom line.
With 91% of cybercrime starting with phishing, it’s now a necessity for users and organizations to employ multiple layers of protection as a safeguard against attacks.
To find out more about how Sendmarc can help, contact us today.