What is phishing? Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. It can also be for the purpose of having people click on links that download malware.

How prevalent is it? According to a new study presented by Get Cyber Safe in an infographic called Phishing: How Many Take The Bait?, there are about 156 million phishing emails sent out each day. That is a lot of emails, and we are all getting them. Our spam filters catch around 90% of them. That leaves 16 million phishing emails still making it into our visual view. If even just 1% of users click on them, that is 16,000 people scammed each day.

How dangerous is it? Phishing is one of the most dangerous forms of cybercrime because, for the most part, it can’t be detected by regular antivirus software. Phishing scammers don’t need to infect your computer with a virus in order to obtain your information, because you will willingly give it up by following the link provided in the email.

How come so many people fall for it? Cybercriminals are very creative. They constantly shift their strategies. They send emails that seem to come from companies or people we know and trust. They appeal to our better natures by spoofing your boss’ email and asking you to buy some customer gifts. They appeal to our baser natures by luring us with prizes. They try to inject malware by having us click on an Unsubscribe link.

What can my company do to protect us? Protection is a three part process. First, your company should install a comprehensive email security platform, like Barracuda Essentials. Second, they should have a security awareness training program like KnowBe4. Third, they should test team members by sending fake phishing emails to see who falls for the scam. STIGroup can help you design and execute the right strategy for your company.

What can I do at home to protect myself and my family? The Federal Trade Commission suggests:

Four Steps to Protect Yourself From Phishing

1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:

   1. Something you have — like a passcode you get via text message or an authentication app.

   2. Something you are — like a scan of your fingerprint, your retina, or your face.

      1. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.