In 2019, the favorite targets for phishing were software engineers, IT professionals and server administrators. The previous year, spear phishing experienced by IT professionals jumped nearly 21% (Source: Proofpoint's 2019 State of the Phish).
The best security systems in the world can't stop people from handing over access to their computers through deceptive phishing scams that trick them into giving up their credentials. New phishing tools bypass MFA and other security measures, letting hackers automate phishing attacks and break through MFA with ease. No tool or system can completely protect the company. The human factor, meaning knowing how to identify and immediately report phishing communications (phone calls, emails, text messages), is key to protecting client information and company reputation.
Quick Tips to Avoid Being Phished
• Stop and think before automatically clicking on a link or replying to an email.
• Consider the source, and check the email address of the sender — does it seem legitimate?
• Is the sender asking for an immediate response or making it seem like it's an urgent situation that requires quick action?
• Before clicking on a link in an email (or a text message) always hover over the link to check the URL and check if it seems legitimate. Even if it does, avoid clicking on it. Instead, go directly to the provider website to log in, or get the actual customer service number from their website or from a recent bill.
• If you receive a suspicious email at work, report it to your IT Department.
2019 Examples of Phishing
Oregon Department of Human Services (Oregon DHS) Announces Data Breach due to Phishing
The breach was announced in March; officials said the total number of breach victims has been updated from 350,000 clients to 645,000, after nine employees fell victim to a targeted phishing attack campaign.
Phishing Campaign Impersonates Department of Homeland Security (DHS) Email Alerts
An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency.