Phishing Attacks - Awareness Prevention and Remediation, Fight back!
Austin Capital Data Digital Self-Defense Series #3 - Mar 13 2025

By Kirti Kamerkar
Did you know that in the third quarter of 2024, APWG (Anti-Phishing Working Group - ref 1) observed 932,923 phishing attacks, up from 877,536 in the second quarter?
This rise highlights the growing sophistication of phishing tactics and the urgent need for stronger cybersecurity measures. It’s crucial for everyone to be aware of this growing threat and know how to prevent it, but before that, you should understand what phishing is.
Phishing is a type of cybercrime in which criminals send fraudulent messages containing malicious links or attachments, designed to get targets either to download malware or to follow a link to a spoofed website. These messages were traditionally emails but are now also delivered by text message, social media, and phone call. Phishing attacks have become increasingly common against everyday users.
The term “phishing” is a play on the word “fishing,” as the process involves cybercriminals throwing out bait (the fraudulent email or message) and hoping that someone takes the bait by providing the requested information. Rather than using technical hacking techniques, cybercriminals exploit human behavior to deceive the target. They might, for example, pretend to be a bank or a service provider and create a sense of panic by stating there’s a problem with the target’s account, which can only be solved by providing specific information or clicking on a link.
In a typical phishing attack, the attacker sends an email to the victim. When the victim clicks the link in the email, they land on a phishing website that imitates a real login page. The attacker collects the credentials the victim enters and then uses them to log in to the genuine site as the victim. For example, an email pretending to be from your bank asks you to log in via a fake link, which captures your password or account information.
https://www.cloudflare.com/img/learning/security/threats/phishing-attack/diagram-phishing-attack.png
Types of phishing attacks:
Email Phishing: Fake emails pretending to be from banks, companies, or government agencies.
Spear Phishing: Targeted phishing attacks aimed at specific individuals or organizations.
Whaling: Phishing attacks that target high-profile individuals, like executives or government officials.
Smishing (SMS Phishing): Fraudulent text messages with malicious links.
Vishing (Voice Phishing): Scammers calling and pretending to be from trusted institutions.
Social Media Phishing: Fake messages or links on social media platforms leading to phishing sites.
AI-Powered Phishing: Cybercriminals are now leveraging AI to automate, personalize, and enhance phishing scams, making them more convincing and effective.
Now that we are aware of what phishing is and its types, let’s dive deeper to understand the key indications of a phishing attack.
Signs of phishing attacks:
The message claims to be urgent
The message urges you to click on an attachment
The message impersonates an authority figure
The message contains misspellings or grammatical errors
The sender’s email address doesn’t match who they claim to be
Requests for your username and/or password – credible institutions and organizations will not request personal information via email
Time-sensitive threats (e.g., your account will be closed if you do not respond immediately)
Vague or missing information in the “from” field or email signature
“To” field contains multiple random email addresses or is alphabetized
Impersonal or awkward greetings, such as “Dear Mr. account holder”
Unexpected files or downloads
Links that don't refer to the sender or sender's organization
Emails about accounts that you don't have, such as eBay or PayPal, or banks that you don't have accounts with
Emails “from” celebrities
Asks you to reply in order to “opt out” of a service
Plays on human emotions to evoke sympathy, kindness, fear, worry, anxiety, or excitement

Example 1: fraudulent email (image)
Example 2 (image)
Phishing prevention steps:
✔ Check the sender’s email address for misspellings or unusual domains.
✔ Hover over links before clicking to verify if they lead to a legitimate website.
✔ Look for spelling and grammar mistakes — phishing emails often have errors.
✔ Beware of urgent messages that demand immediate action.
✔ Never share personal information through email or text.
✔ Enable multi-factor authentication (MFA).
✔ Use strong and unique passwords.
✔ Regularly update software and security patches.
✔ Verify links and website URLs before entering credentials.
✔ Use email filtering and spam detection tools.
✔ Educate employees and family members on phishing risks.
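As an added example (this is not code from the article or from Austin Capital Data), the warning signs and prevention steps in the two lists above can be turned into a small Python script that triages one raw email: it compares the sender domain with the brand named in the display name, flags a Reply-To that goes elsewhere, compares each link's visible text with where it actually points (the "hover over links" check), and searches the subject and body for urgency language, credential requests and impersonal greetings. The brand table, keyword lists and both sample messages are constructed for this example; a real filter would use a maintained brand list and a public-suffix library instead of the two-label domain shortcut used here.

```python
"""Heuristic checker for the phishing signs listed in this article (added example).
Parses one raw email with the standard library and reports which warning signs
it shows. Brand table, keyword lists and sample messages are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical table: brand name -> the domain it really sends from.
KNOWN_BRANDS = {"paypal": "paypal.com", "chase": "chase.com"}
URGENCY = ("immediately", "within 24 hours", "suspended",
           "account will be closed", "act now", "urgent")
CREDENTIAL_WORDS = ("password", "username", "social security", "verify your account")


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable domain: last two labels (enough for .com/.net hosts)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze(raw):
    """Return a list of (code, detail) warning signs found in one message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Sender address vs. the brand it claims (in the display name or a lookalike domain).
    name, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    claimed = next((b for b in KNOWN_BRANDS if b in name.lower() or b in sender), None)
    if claimed and sender != KNOWN_BRANDS[claimed]:
        findings.append(("sender_mismatch", f"claims {claimed} but sent from {sender}"))
    if any(label.startswith("xn--") for label in sender.split(".")):
        findings.append(("punycode", f"IDN sender domain {sender} (possible homoglyph)"))
    # Reply-To pointing somewhere other than the sender's domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply and registrable(reply.rsplit("@", 1)[-1]) != sender:
        findings.append(("replyto_mismatch", f"replies go to {reply}"))
    # Visible link text vs. real target: the "hover before you click" check.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    parser = _LinkParser()
    parser.feed(content)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if re.match(r"https?://", text):
            shown = urlparse(text).hostname or ""
            if registrable(shown) != registrable(host):
                findings.append(("link_text_mismatch", f"shows {shown} but goes to {host}"))
        if claimed and registrable(host) != KNOWN_BRANDS[claimed]:
            findings.append(("link_offbrand", f"{claimed} mail links to {host}"))
    # Urgency, credential requests and generic greetings in subject + body text.
    text = re.sub(r"<[^>]+>", " ", content)
    text = re.sub(r"\s+", " ", msg.get("Subject", "") + " " + text).lower()
    for code, words in (("urgency", URGENCY), ("credentials", CREDENTIAL_WORDS)):
        hits = [w for w in words if w in text]
        if hits:
            findings.append((code, ", ".join(hits)))
    if re.search(r"dear (valued )?(customer|user|account holder|member)", text):
        findings.append(("generic_greeting", "no personal name in greeting"))
    return findings


def verdict(raw):
    """Two or more independent signs is a strong signal; one deserves a closer look."""
    n = len({code for code, _ in analyze(raw)})
    return "suspicious" if n >= 2 else "review" if n == 1 else "clean"


# Constructed sample messages (not real mail).
PHISH = """\
From: "PayPal Security" <alerts@paypal-secure-login.com>
Reply-To: support@mail-verify.net
To: customer@example.com
Subject: Action required: your account will be closed
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear valued customer,</p>
<p>We detected a problem. Your account will be closed unless you verify
your password within 24 hours.</p>
<p><a href="http://paypal.com.account-verify.net/login">https://www.paypal.com/signin</a></p>
</body></html>
"""
LEGIT = """\
From: "Chase" <no-reply@chase.com>
To: customer@example.com
Subject: Your monthly statement is ready

Hi Sam, your statement is available at https://secure.chase.com/statements
"""
```

Calling `verdict(PHISH)` returns "suspicious" (seven distinct signs, including the link whose text shows paypal.com but points at account-verify.net) and `verdict(LEGIT)` returns "clean". Treat the output as a triage aid, not a gate: a single hit such as urgency wording is common in legitimate mail, which is why the verdict requires two independent signs, and a message that passes every check can still be phishing, for example when it is sent from a compromised real account.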
Fight back against Phishing Attacks!
If you suspect malware (a virus) has been downloaded:
1. Immediately disconnect the computer or device from the network.
If you are working from a PC, unplug the network (Ethernet) cable from the PC. If you are using Wi-Fi, disconnect from it immediately. Do not shut down or restart your computer, as this can cause more damage: forensic evidence held in memory is lost when the power goes off, and there is a chance the system will not start again.
2. Ask all employees to disconnect from the network
Direct all other employees to also disconnect from the network, either by unplugging the network cable from their PC or by turning off their Wi-Fi connection. This helps limit the spread of the malware if it has reached the network or their devices.
3. Call your IT managed service provider.
They will quickly assess the damage. The next step will be either to fix the problem or to recommend that you call your insurance company and its forensic team. If the damage is significant or includes a breach of sensitive data, your insurance company will use its own forensic team to determine what occurred and what data was stolen.
4. Send out any necessary communications.
Your business should have a communications plan in place that details who you should contact and what you should communicate to them after a hack. After you have spoken with your MSP (Managed Service Provider) and ascertained the damage, it is time to implement the communications plan.
(Note: An MSP is a third-party company that remotely manages an organization's IT infrastructure and services, including cybersecurity, network monitoring, data backup, and cloud management.)
Insurance
Cybersecurity insurance, also known as cyber liability insurance, protects businesses from financial losses caused by cyberattacks and data breaches.
If you have cybersecurity insurance, call your provider to explain what has happened, providing details about the damage and potential consequences. You may also want to consult internal or external legal counsel in case the incident results in a lawsuit.
Conclusion
Phishing attacks are becoming more sophisticated, but by staying informed and cautious, you can protect yourself. Always verify messages before clicking links or sharing personal information. Have you ever encountered a phishing attempt? Share your experience in the comments!