What is Phishing?

No one thinks they’ll fall victim to a cybercrime, but in reality, you’ve likely come across a suspicious email that could be trying to steal your login credentials, financial information, or identity, or to install dangerous computer viruses. Maybe you’ve received an email that claims to be from Netflix or Amazon, requesting your password, account email, payment information, or other personal information and directing you to an unfamiliar website. These characteristics are the hallmarks of a classic phishing attack, which can lead to identity theft, credit card fraud, ransomware attacks, and more.

 

Where Did Phishing Come From?

 

The history of phishing dates back to the mid-1990s, when groups of hackers posed as AOL employees and used the instant messaging platform to steal passwords and login credentials. The purpose of these attacks was to use the hijacked accounts to access the internet, rather than pay for access once the 30-day free trial of AOL expired. These hackers were known as “phreaks”, a group of individuals who had a keen interest in studying telecommunication systems. The name “phishing” was used to link these scams to this community.

 

In the early 2000s, hackers began to branch out past AOL accounts to target financial systems to steal credit card information and passwords. Since then, the prevalence of phishing scams has grown exponentially, with 36% of data breaches involving a phishing attack, according to a Verizon report. Between 2021 and 2022 alone, the number of malicious phishing emails grew by 569%, according to cybersecurity company Cofense.

 

How Phishing Works

 

In modern phishing attacks, many hackers use spoofing to disguise an email address, website, phone number, or sender name in the hopes that it will appear legitimate. It could be as simple as changing a number, letter, or symbol so that the URL a hacker is using appears, without close inspection, to come from a legitimate source. This often tricks victims into disclosing sensitive information like passwords or credit card numbers, which are then stolen by the hackers.
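The single-character substitution described above is something a mail filter or link checker can test for automatically. The following is an added example, not part of the original article: it flags hosts that sit within one edit of a trusted domain once look-alike digits are normalized. The trusted list, the substitution map, and the sample URLs are assumptions constructed for illustration, and taking the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Assumed allow-list; Netflix and Amazon are the brands the article names.
TRUSTED = ("netflix.com", "amazon.com")

# Constructed map of digits commonly swapped in for similar-looking letters.
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    for domain in TRUSTED:
        # The exact domain, or a genuine subdomain of it, is trusted.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    normalized = registered.translate(LOOKALIKE_DIGITS)
    for domain in TRUSTED:
        # Distance 0 here means only look-alike digits differed;
        # distance 1 means one changed, added or dropped character.
        if edit_distance(normalized, domain) <= 1:
            return f"lookalike:{domain}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.netflix.com/login", "http://netfl1x.com/account",
              "https://amaz0n.com/signin", "https://example.org/"):
        print(f"{classify(u):22} {u}")
```

A result of `unknown` only means the host is not close to a listed domain; it is not a verdict that the link is safe.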

 

Protecting Yourself

 

Luckily, there are easy steps to protect yourself against phishing attacks. According to the FBI, companies generally will not contact you asking for your username or password. If you receive an email, text, or phone call requesting this information, that should be a significant red flag. If you receive an unsolicited email with a link, avoid clicking on it. Instead, carefully examine the sender’s name, email address, spelling, and other details about the correspondence to see if there are slight inaccuracies that could point to it being a phishing scam. And, if an email asks you to download something or open an attachment, do not do so unless you can verify that the sender and attachment are legitimate. Also, be wary of the information you share online. Details like birthdays, pet names, schools you attended, and other personal details can be used to guess passwords. 

 

The Importance of Verification

 

Ultimately, the confirmation of someone’s identity can help to avoid potential scams. This can be achieved in the private capital markets by complying with securities regulations. For investors, due diligence and careful research of investment opportunities can highlight potential red flags that could be a telling sign of something too good to be true. At the same time, verifying the identity of a company raising money can provide assurance that it is a legitimate investment opportunity. For issuers, identity verification checks like AML and KYC confirm that investors are who they claim to be.

 

Being on the lookout for phishing can help protect your identity and financial information from hackers. Understanding what these scams are and how they work is one of the best defenses available. Stay tuned for the next article in this series, which will shed light on a different type of scam. If you have any questions or topics you’d like to see discussed in more detail, please reach out and share your ideas with us!