Phishing Scams: What Are They, and Why Do We Still Fall for Them?


Phishing is one of the most common forms of cybercrime. In this guide, we’ll delve deeper into how phishing scams work and why people still fall for them in 2021. 

What are phishing scams?

Phishing scams are designed to trick or entice you into providing personal information. In the vast majority of cases, phishing attacks are delivered in the form of emails. 

In 2020, 75% of organizations were targeted by hackers trying to use phishing scams to obtain information. The primary aim of phishing scams is to gain access to sensitive or personal data. Statistics from the FBI indicate that phishing scams cost US consumers and businesses over $57 million per year.

Why do people still fall for phishing attacks?

Some phishing emails are easy to spot, but many mimic real-life communication from co-workers, big-name companies, and even banks. They can seem legitimate, even on close inspection. 

Hackers and people who engage in cybercrime use sophisticated techniques to generate emails that look real. Many consumers receive communications from high-profile brands and in some cases, it’s difficult to spot the difference between a genuine email and a phishing scam. 

Spotting phishing scams

Learning to spot phishing scams is beneficial for individuals, businesses and organizations. The vast majority of scams that impact businesses target employees, who often fall foul of sophisticated emails that mimic real-life communications.

Providing training is hugely beneficial for organizations. One IT company in Falls Church also suggests investing in an integrated suite of security tools to centralize threat detection and ensure best security practices are always being followed. 

Here are some common signs of phishing emails to look out for:

  • Misspelled, unknown, or unusual domain names
  • Use of poor grammar and spelling
  • Subject lines that contain threats 
  • Suspicious attachments or links
  • Messages that are designed to intimidate or cause panic
  • Emails that pretend to be from high-profile companies (statistics suggest the most frequently impersonated brands include DHL, Amazon, Microsoft and PayPal)
  • Requests to update payment information or notices of missed or unsuccessful payments
  • Use of the wrong name in the subject line
  • Requests to provide personal information
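
Several of the signs listed above can be checked automatically by a mail filter. The following Python code is an added example, not part of the original article: it applies five of those checks to a plain-text message, and the brand-to-domain mapping, keyword patterns and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the article lists as most impersonated; the domains are assumed here.
BRANDS = {"dhl": "dhl.com", "amazon": "amazon.com",
          "microsoft": "microsoft.com", "paypal": "paypal.com"}
# Illustrative keyword patterns (assumptions, not a vetted ruleset).
THREAT = re.compile(r"\b(urgent|suspended|final notice|locked)\b", re.I)
PAYMENT = re.compile(r"\b(update your payment|payment (failed|unsuccessful)|missed payment)\b", re.I)
PERSONAL = re.compile(r"\b(password|bank details|card number|home address)\b", re.I)
LINK = re.compile(r"https?://([^/\s\"'>]+)", re.I)

def registered_domain(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_signs(raw):
    """Return the warning signs found in a single-part, plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    subject, body = msg.get("Subject", ""), str(msg.get_payload())
    signs = []
    for brand, legit in BRANDS.items():
        # A brand named in the display name or domain must match its real domain.
        if (brand in display.lower() or brand in sender) and sender != legit:
            signs.append(f"impersonates {brand}: sent from {sender}")
    if THREAT.search(subject):
        signs.append("threatening subject line")
    if PAYMENT.search(subject + " " + body):
        signs.append("payment update request")
    if PERSONAL.search(body):
        signs.append("asks for personal information")
    for host in LINK.findall(body):
        # Weak signal on its own: legitimate mail also links to other domains.
        if registered_domain(host) != sender:
            signs.append(f"link to other domain: {registered_domain(host)}")
    return signs

# Constructed sample messages (not real emails).
PHISH = ('From: "PayPal Support" <service@paypa1-billing.example>\n'
         "Subject: Urgent: your account will be suspended\n\n"
         "Your payment failed. Update your payment details and confirm your\n"
         "password at http://paypa1-billing.example.login-check.test/verify\n")
GENUINE = ('From: "Amazon" <orders@amazon.com>\n'
           "Subject: Your order has shipped\n\n"
           "Track your parcel at https://www.amazon.com/orders\n")
```

Calling phishing_signs(PHISH) reports all five signs, while phishing_signs(GENUINE) returns an empty list. Keyword rules like these miss well-written messages, so they supplement training and filtering rather than replace them.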

Protecting against phishing scams

Being aware of phishing attacks is incredibly important for individuals, employees, and business owners. Learning to spot warning signs, using filters to ensure that emails end up in junk folders, and providing employee training can all help to protect against phishing scams. 

It’s also crucial to check the sender and to remember that reputable organizations will never ask employees or consumers to provide any sensitive information via email. Banks, retailers and healthcare providers, for example, would never email customers asking them to complete a payment online or send their bank details or personal address. 

For businesses, it’s advantageous to outsource IT to a reliable managed IT services provider and to provide training for all employees. 

The bottom line

Phishing attacks are designed to encourage people to provide personal information. In the vast majority of cases, they are delivered via email. Phishing scams can be incredibly sophisticated and this is why many people still fall for them. 

To prevent phishing attacks, it’s essential to learn to spot the signs, report suspicious behavior, and use filters to block messages. Businesses can benefit from providing training for staff and investing in managed IT services.