A recent Google study found that e-mail phishing is still very effective: just under half of those in the study were fooled. Even after years of user awareness campaigns and constant reminders from companies, for some reason these spam e-mails are still working.
If you don’t know what a phishing scam is, it’s quite a simple plan. First the scammers send out e-mails claiming to be from a legitimate bank, finance broker, insurance company, etc., hoping to reach someone who is a customer of one of those companies and get them to click on the link inside the e-mail. Usually the e-mail contains instructions to reset your password because they believe it was compromised, or any number of other excuses. The link you click on leads to what looks like a legitimate website, but in fact it is a fake site that copies the username and password you enter. After you log in, you are usually presented with the real login screen; most people think they made a mistake and log in again, this time successfully.
The study also found that 20% of the hackers used these login credentials within half an hour, so they work fast and are in and out before you know it.
The best mitigation steps to avoid getting phished are to:
- Manually type the address in and avoid links within e-mails
- Create a sophisticated passphrase and change it often
- Set up two-factor authentication to create a dynamic barrier for the hackers to overcome