Why Phishing Attacks Should Inspire Better Cybersecurity Habits

June 25, 2024 • Zachary Amos


Phishing attacks capture headlines, but connecting those data points to your situation is not always easy. How can you make them more applicable to everyday life? It’s easier than you might think, especially by looking at some common trends in recent attack attempts. 

Become More Aware of Brands Used for Phishing

When people create phishing emails, they typically want to catch as many victims as possible. Many achieve that goal by crafting messages for maximum relevance. Mentioning Amazon in a phishing email makes the content broadly applicable since the e-commerce company operates in many countries. However, if the phishing message discusses a brand only well-known in one region or state, recipients will be less likely to believe it, and some might not know the company.

Research published in 2024 indicated Microsoft was the most impersonated brand in the previous year’s phishing emails. The data indicated 68 million messages contained that brand name, and 20 million were about Office 365.

Adobe was next in line with 9.4 million phishing message mentions. Shipping company DHL also had a prominent place in the study, with 8.8 million emails attributed to it. Google was popular with phishing scammers, too, since 6.1 million phishing messages impersonated the company in 2023. 

It’s easy to see why these brands appear in phishing messages so often. Many workers, students and business owners use Microsoft, Google and Adobe, making it highly likely that a phishing email relates to a service or product they know and rely on regularly. 

Since numerous people expect incoming parcels, crafting phishing emails to mimic DHL is another way to trick individuals into acting quickly. No one wants to miss incoming packages, but phishing emails often insist recipients do specific things immediately to avoid delays.

Staying Safe From Brand-Based Phishing Attempts

Treat these phishing statistics as reminders that scammers often capitalize on the name recognition associated with major brands when creating their messages. However, the best way to avoid falling for the trick is to directly contact the brand associated with the email. Always go to the company’s website or call the business by phone rather than replying to the received message. Otherwise, the scammers could continue trying to trick you while insisting on the content’s legitimacy. 

Check Messages for Suspicious Links 

Research indicates most phishing scams begin with the victim clicking on a link. Once they do that, malicious files could get downloaded onto their computers or other devices. Sometimes, people click on dangerous links and get redirected to landing pages that ask for details such as their credit card numbers. 

At the end of 2023, the United Kingdom’s National Cyber Security Centre warned the public of a phone-based malware scam involving text messages about missed parcel deliveries. The content varies slightly in the examples mentioned, but all texts include links that supposedly go to package-tracking or delivery-rescheduling services.  

The coverage also recommends performing factory resets on affected mobile phones, especially if an affected person is unsure whether they have any backed-up content from before the malware installation happened. Restoring from a backup to deal with the malware problem won’t help if the backed-up content also contains the malicious files.

Avoiding Dangerous, Link-Containing Phishing Messages

Many overviews of phishing remind readers that scammers emphasize urgency. They want you to act without thinking things through carefully. Always stop before clicking on links in emails or text messages. If you interact with the link while on a computer, try hovering your mouse cursor over it to see the web address without having to actually go to the site. 

Another practical tip is to look at the URL’s structure. Some scam versions look similar to genuine addresses, but they contain an extra character or two.
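The URL-structure check described above can be automated. The following Python sketch is an added example, not part of the original article: it flags link hosts that sit within two edits of a trusted domain, and hosts that use a trusted name only as a subdomain prefix, which goes slightly beyond the "extra character" case. The allowlist, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist built from brands the article names; extend for your own use.
TRUSTED = ("microsoft.com", "office.com", "adobe.com", "dhl.com", "google.com", "amazon.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    # Simplification: last two labels. Real code should consult the Public Suffix
    # List so that names under suffixes such as co.uk are handled correctly.
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike:<domain>', 'embedded:<domain>' or 'unknown'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if not host:
        return "unknown"
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # "An extra character or two": within two edits of a trusted domain.
        if edit_distance(domain, good) <= 2:
            return f"lookalike:{good}"
    for good in TRUSTED:
        # Trusted name used only as a subdomain prefix of some other domain.
        if host.startswith(good + ".") or f".{good}." in host:
            return f"embedded:{good}"
    return "unknown"

# Constructed sample links for illustration; not taken from real messages.
SAMPLES = [
    "https://www.microsoft.com/en-us/",
    "https://login.microsofft.com/reset",
    "http://dhl.com.parcel-tracking.example/reschedule",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):28} {link}")
```

A fixed threshold of two edits produces more false positives for very short names such as dhl.com, so treat a "lookalike" result as a prompt to check the address by hand.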

If the link-containing message seems to come from a trusted party, contact them before engaging with the content further. Entities such as banks, couriers, government authorities and e-commerce sites often warn customers of known scam messages and how to avoid them. You may also be able to forward the received message to that party for their records. 

Follow Applicable Cybersecurity Policies

Many workplaces and universities have policies for internet users. Some may seem annoying, especially if they require frequent password changes. But most policies get established to prevent organizations from becoming part of phishing attacks.

Unfortunately, numerous people seem not to take the precautions seriously. One 2024 study found 1 in 10 IT leaders and 1 in 5 business executives break security rules. Additionally, younger workers are more likely than older ones to do it. 

Phishing prevention is not the only reason IT professionals establish rules. However, it’s probably a primary concern. If people must change their passwords frequently, it’s less likely a hacker will come across a still-usable password stolen during a data breach.

Working With Your Organization’s Rules

Many IT teams face the challenge of establishing effective cybersecurity rules that will be manageable for those who must abide by them. One thing you can do is discuss possibilities for making the rules easier to follow. 

Perhaps you become frustrated by forgetting your password and having to wait for someone to manually reset it. In that case, would the organization allow you to use a login management tool approved by the IT department? 

Give as many details as possible about why certain rules make it hard to stay productive. Stress that you want to do everything right but find some limitations prohibitive to your workflow.

Another solution might be for the IT department to permit bringing your home laptop to work after security professionals screen it for potential risks. Once the IT team members know why specific rules pose difficulties, they may be willing to change them, within reason. 

Don’t Become Part of Upcoming Phishing Attacks

Although phishing attacks can happen to anyone, being cautious is one of the best and simplest preventive measures. If something seems unusual about a recently received message, take extra care rather than ignoring your intuition. Then, your proactiveness can help you, your family or your organization avoid the pressure and uncertainty of being a cyberattack victim.