Each day, we use our personal information to access online accounts, smart devices, and other resources. Credential information is so frequently compromised that the sensitivity of the information can be taken for granted. An impressive 61 percent of business users reuse the same password across multiple accounts, according to a recent study by password management company LastPass. Private information acts as the primary line of defense for accounts and other personal information, so obtaining compromised credentials can be lucrative for hackers.

According to NTT Security, an IT service management company, credential theft is most commonly committed by phishing at 67%, followed by malware at 33%. As phishing-related attacks remain the most popular method of delivering malware to end users, a combination of the two is typically used.

What is phishing and malware?

Phishing-related attacks involve using a fake URL designed by the attacker to appear to be a trusted website. For instance, a fake PayPal email may urge you to update your information because of suspicious activity, only to steal your login credentials. The attacker may also try to impersonate a company executive by sending an email requesting money be transferred to a particular account.

All industries are vulnerable to these types of phishing attacks. Regardless of the organization, they are given the same level of detail and research. In many cases, phishing attacks target an employee’s credentials in order to launch a series of larger attacks against other companies within the same supply chain or network.

Phishing attacks can be combined with malware attacks utilizing malicious software, such as viruses, ransomware and spyware, to harm or exploit a device or network.

How can you protect yourself?

Despite cybercriminals’ best efforts to make phishing emails look legitimate, there are some tell-tale signs of phishing emails. Here are some of them:

1. Grammatical Errors

Most businesses and organizations do not send communications to customers that have spelling mistakes or poor grammar. It can be one of the first signs that an email is a phishing attempt.

Obtaining personal information already on file.

Your personal information may already be stored by a business or other organization. The company will never send you an email asking for your login information, account number, birth date, or any other personally identifiable information. It is already in their records.

2. Time-Sensitive Requests

An email that asks you to respond immediately, especially if it threatens negative action such as closing your account, could be a phishing attempt. A phishing attack is designed to make you react without thinking.

3. Suspicious Email Address

When receiving an unexpected email requesting personal information from a company or individual, make sure you check the sender’s email address. Attackers can make an email look authentic by sending it from a similar address. A cybercriminal can also use two letters in a common email address to scam an unsuspecting victim.

When you receive an email with one of these red flags, do not follow its instructions, click its links, or download its attachments. If the message appears genuine, you can check the company’s official website for contact information and call or email to verify its authenticity.

Is your personal information on the dark web? Make sure your identity isn’t at risk!