Cyber criminals can use data leaked in big breaches to cause more harm to you with phishing emails. Data from big breaches, which have almost become commonplace, wind up on the Dark Web quite quickly. After they have your info via the Dark Web, they can craft some very convincing emails to you. They can use identifiable information to customize the email to make it look legit.
If you fall for a phishing email and log into an account, now the cyber criminal has that password too.
What is phishing? Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising as a trustworthy entity in an email or text. It's estimated that around 90% of all cyber threats arrive through email.
Tips to stay safe:
- Track the breaches you're involved with to know when your info is leaked.
- Never use the same password for multiple sites
- Just because an email contains some accurate details about you doesn't mean it's a legitimate email.
- Phishing emails may be very difficult to spot so stay alert. Years ago, they would contain poor graphics and bad grammar. Not any more.
- Some emails may contain threatening information, but more than likely they are just part of a bulk anonymous email campaign.
- Watch for "seasonal" phishing campaigns such as Tax refunds in the Spring, shopping around the holidays, and election info during Election season.
- If an email is unexpected, pause before clicking
- Call the number on the back of a credit card or go directly to the web site in question for follow up - don't follow the links or phone numbers in the email.
- Use an email security filter to help reduce scam emails, but no spam filter is 100%. Cyber criminals work hard to get the threat through.
If you track the breaches you've been involved with, you'll be more alert and your chances of falling for the scam will be decreased. Here's a short video to share with your team: