Phishing scams are becoming dangerously common. According to research from the Government of Canada, over 156 million phishing emails are sent every day.
(This infographic tells the story of cyber criminals using email phishing scams to ensnare unsuspecting victims online. The images show a fleet of cyber pirates in their ships on a phishing trip.)
Using fake emails and crafty scams, phishers trawl the cyber high seas for your banking information, credit card numbers and passwords. Roughly 156 million 1 phishing emails are sent globally every day, so even if a fraction fall for the scam, phishers score big.
(A cartoon cyber pirate is shown from the chest up. He's missing a tooth, has a thick uni-brow and keeps his dark hair pulled back in a bun.)
156 Million Phishing Emails Every Day
Cyber criminals start their phishing trip by sending out millions of phishing emails.
(A fleet of pirate ships is sailing on the ocean. Their sails are painted with skull and crossbones, except the skull is actually an email icon.)
16 million make it through filters
Many phishing emails end their journey destroyed in spam filters; 10% make it through.
(The fleet of ships is shown hitting a group of rocks. Only a few ships make it through. The rocks represent email filters, and how many phishing emails get caught in them.)
8 million are opened.
Of those that make it through spam filters, half continue their journey by being opened.
(The leftover ships sink in a thunderstorm. We see the phishers leaving the storm, paddling in lifeboats, continuing their phishing trip.)
800,000 links are clicked
Of those emails that are opened, 10% lure someone into clicking on a phishing link.
(The phishers are shown casting their nets and pulling them in, filled with fish.)
80,000 fall for a scam every day and share their personal information.
And finally, another 10% of people who click the link are netted by the baited website.2 Their information results in stolen identities, financial loss, credit card frauds and other Internet scams. So in the end, these phishing emails hook about 80,000 victims. Not bad for a day's work.
(A single phisher is in the foreground, his nets filled with fish, representing the many victims that result from a single phishing trip.)
Who's taking the bait?
If you've ever clicked on one of those devious little emails, you're not alone.
9% of online Canadians have replied to spam mail unknowingly.3
7% have replied to spoof or phishing mail unknowingly.3
3% have entered bank details on a site they don't know.3 That's over 1 million Canadians.4
Don't get phished!
Phishing emails often look like real emails from a trusted source such as your bank or an online retailer, right down to logos and graphics.
They may ask you to verify your account, or warn you that your account will be closed if you don't respond.
Be wary of any email asking you to provide personal information; if you're not sure an email is legitimate, get in touch with your bank or the company to verify.
Visit Getcybersafe.gc.ca for more tips on how to avoid phishing scams.
About these numbers
The numbers in this infographic represent an approximation of the global totals of phishing emails and subsequent victims. Though the actual totals are impossible to know for certain and will fluctuate, the trend stays the same.
Symantec Security Technology and Response Group, August 2012
Cyveillance, “The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks,” 2009
EKOS Research Associates, “Baseline, Online Probability Survey of Internet Users Regarding Cyber Security,” 2011
Based on the Statistics Canada estimate of Canada's population of about 34,880,000, July 2012
Most phishing emails are caught by spam filters and others are obviously bogus, but many are convincing. You need to be aware of the dangers phishing attacks pose and take the steps to protect yourself.
What Is a Phishing Attack?
In September, the FBI reported that a single phishing scam cost victims $1.2 billion in losses. Over 8,000 victims from nearly 80 countries had their money stolen. The victims were primarily organizations that worked with foreign suppliers.
This is one of many phishing attacks that have exploited people. How can you identify a similar scam before you fall victim?
Phishing attacks are attempts to steal sensitive personal information. Rather than relying solely on malware, they use social engineering to dupe the target into providing the information.
Most phishing attacks are launched through email, but they can be organized via social networking sites as well. They usually focus on stealing social security numbers, passwords and financial information.
Tips to Protect Yourself from Phishing Scams
While most phishing scams are easy to identify, others are very sophisticated. You need to be on your guard anytime someone tries to get this information. Here are some tips to protect yourself.
Look at Email Handles
Many phishing attacks use free email accounts from services such as Hotmail or Outlook. Look at the email address to see if the sender is using any of these accounts. A reputable organization is going to use their own vanity email addresses.
Try to Avoid Visiting Through Email Links
If you are suspicious about the links in your emails, then avoid clicking them. You should instead go directly to the company site whenever possible. You can usually find the key pages on their website without much effort. If you do need to click links, then you should only do so after verifying the sender first.
White List Important Contacts
If you have a provider that sends sensitive information (such as your bank), then you will want to white list them in your email contacts. You want to be able to separate them from spammers trying to impersonate them. Almost all email providers have the option to white list contacts, so take advantage of them.
Check Privacy and User Agreements
Most organizations have policies about the type of information that they will request. For example, many will stipulate that they will never ask for your password or security PIN. If anyone asks for this information, then they are either an employee that isn’t following protocols or a scammer impersonating them.
Use Malware Protection Software
You may not be able to identify every phishing attempt. There may times that you click a link in your email that looked legitimate. You will want to at least have the best possible malware protection services available to mitigate the risks. Nokia Networks offers a number of services to protect users against malware and other threats.
Take Phishing Threats Seriously
Phishing attacks are becoming increasingly common. You need to be aware of the threats and have the right safeguards in place to protect against them.