We are all aware of the impacts of cybercrime on people and businesses in Aotearoa. Indeed, it is a regular topic of this column but I make no apology for raising it once again. According to Cert NZ, the average number of cyber incident reports per quarter is 2191 resulting in an average direct financial loss of $4.9 million.
In the Bay of Plenty a lot of us enjoy fishing. However, increasing numbers of us are being targeted by the other type of Phishing.
Phishing attacks aim to deceive people into revealing sensitive information, such as passwords, credit card details, or personal identification numbers (PINs). CERT NZ’s 2023 Q1 report states that out of 1968 reported incidents, 946 were Phishing and credential harvesting.
Phishing comes in a number of forms:
Classic email phishing –Cybercriminals send deceptive emails that mimic legitimate organisations or individuals, tricking recipients into divulging confidential information. These emails often contain urgent requests, enticing users to click on malicious links or provide personal details.
Spear phishing – This is a more targeted and sophisticated. Cybercriminals gather information about specific individuals or organisations and tailor their attacks accordingly. By using personalised messages or posing as trusted contacts, attackers increase the likelihood of success. These attacks have been known to target government officials, executives, or employees with access to sensitive data.
Smishing – A combination of SMS and phishing – attackers send text messages containing malicious links or ask recipients to reply with personal information.
Who is being targeted?
Phishing attacks often target employees of organisations, seeking access to sensitive company data or credentials. By impersonating colleagues or high-ranking executives, cybercriminals aim to exploit human vulnerability and gain unauthorised access to corporate networks.
Elderly individuals, who may be less technologically savvy, are often targeted by phishing scams.
Financial organisations are also common targets. Cybercriminals send emails or text messages disguised as legitimate financial institutions, attempting to trick recipients into disclosing their online banking credentials or other sensitive information, leading to unauthorised access to bank accounts and financial loss.
What can I do to protect myself?
Be wary of suspicious emails. Exercise caution when receiving emails from unfamiliar senders or those requesting personal information. Look out for misspellings, grammatical errors, or generic greetings. Legitimate organisations usually address customers by name and use professional language.
Verify the sender’s identity. Before clicking on any links or providing sensitive information, verify the sender’s identity. Hover over links to reveal the actual URL (web address) and ensure it matches the organisation’s legitimate website. If in doubt, contact the organisation directly. No financial institution, especially banks, would ask you for your password.
Avoid clicking on suspicious links. Do not click on links in emails or text messages that seem suspicious, especially those asking for personal information. Instead, manually type the organisation’s web address into your browser or use a trusted bookmark.
Keep security software updated. Regularly update your antivirus and anti-malware software to protect against the latest threats. These tools can detect and block phishing attempts, providing an extra layer of security.
Enable multi-factor authentication. Wherever possible, enable multi-factor authentication (MFA). MFA adds an extra layer of protection by requiring two or more forms of authentication, such as a password and a unique verification code sent to your mobile device.
Regularly back up data. Phishing attacks pose a significant threat to all of us. Recognising the different forms of phishing and implementing preventive measures is crucial in protecting personal and financial information from cybercriminals.
Related: Two steps, too easy