Phishing attacks are literally as old as the internet. You would think people would have outsmarted phishing attacks by the time 2016 rolled around. Unfortunately, according to a new report, that’s not the case.
A new report from the Anti-Phishing Working Group (APWG) revealed that there were more phishing attacks during the first quarter of 2016 “than at any other time in history.”
The study cited a huge spike in phishing activity between October 2015 and March 2016, where incidents rose as much as 250% compared to the average.
Phishing, for those out of the loop, is a tactic attackers use to trick you into giving up personal information online. They use a lure – like an emailed request – to convince you to give up your credit card data, Social Security Number, and other private information.
APWG recorded a steady rise in attacks from October to March. There were 48,114 unique phishing sites detected in October 2015. By March 2016, that number had risen to 123,555.
APWG reported that some businesses face a higher risk than others. The retail and service sector, for example, attracted 42.71% of attacks, making it the most-targeted industry sector during the first quarter of 2016.
The United States also maintained its position at the top of nations hosting phishing websites. However, the most-infected countries are China, where 57.24% of computers are infected, and Taiwan, where 49.15% of computers are infected.
The modern phishing attack often targets a specific brand.
For example, you might receive an email that your Amazon account needs to be updated. You click a link that directs you to your Amazon account page, and then enter verification information confirming it’s you.
The only problem is that the website isn’t the real Amazon website. You just entered private information into a phishing form.
According to APWG, 55 to 59% of phishing websites contain some form of the target name. So if attackers are trying to steal your bank account information, they might send you a URL that looks like www.iBankOfAmerica.com. A casual glance might miss the “i” at the front of the URL, and you could be convinced to enter your credentials.
When you receive an email from a company, don’t click on the link in that email. Instead, go to their website in a separate browser window and log in as you normally do.
A second easy tip is to check the URL anytime you’re entering personal information online. It’s an easy thing to do. Look for the “https” at the front of the URL and make sure the URL itself matches the website you think you’re on.
Ultimately, by following these basic tips, you can avoid 95% of phishing attacks. Be vigilant.