True or False: How much do you really know about phishing attacks?

Phishing attacks top the list of the most popular cyber crimes, posing a significant threat to businesses and individuals alike. Leaked confidential information, infected networks, financial demands, corrupted data are just some of the consequences of this popular scam.

According to the Microsoft Digital Defense Report 2022 (MDDR), these attacks are on the rise and remain a substantial threat to users everywhere, as they indiscriminately target all inboxes. Among the threats tracked by the researchers, the volume has magnitude greater than all other threats.

Phishing remains a preferred method of attack, as cybercriminals can acquire significant value by successfully stealing and selling access to stolen accounts. The techniques used continue to increase in complexity, according to MDDR, the average time it takes for an attacker to access your private data if you fall victim to such an email is 1 hour and 12 minutes. In response to countermeasures, attackers adapt new ways to implement their techniques and increase the complexity of how and where they host campaign operation infrastructure.

Using data from Defender for Office, the report also highlights that 710 million phishing emails were blocked each week, and in addition to the URLs blocked by this tool, Microsoft’s Digital Crimes Unit has determined the removal of 531,000 phishing URLs exclusive hosted outside of Microsoft.

At Microsoft, we’re committed to making the world a safer place for everyone, and to help you identify and protect against these attacks, we’ve prepared the following questionnaire:

1. A phishing attack is a scam where criminals try to gain information or access through trickery to trick you.

TRUE: Scammers will pretend to be a company or person you trust, or they might disguise a malicious virus as something that looks innocent in hopes that you’ll install it on your system.

2. Spam email is considered phishing  

FALSE: Spam emails are unsolicited junk email messages with irrelevant or commercial content. They may advertise quick cash schemes, illegal offers or fake discounts; Phishing is a more targeted (and often better disguised) attempt to obtain sensitive data by tricking victims into voluntarily handing over information and access credentials.

3. Email Phishing and Malware Phishing are the most used phishing attacks by criminals  

TRUE: Email Phishing, where criminals use tactics like fake hyperlinks to lure email recipients into sharing their personal information; and Malware Phishing, an attack that involves planting malware disguised as a trusted attachment (such as a resume or bank statement) in an email, are the most common attacks.

There are also other types of phishing attacks that you should be aware of if you want to keep your information safe, such as Smishing, a combination of the words “SMS” and “phishing”, smishing involves sending text messages disguised as trusted communications from widely known companies. People are particularly vulnerable to SMS scams as text messages are delivered in plain text and appear more personal.

4. Cyber ​​attacks are easy to detect  

FALSE: Attackers are adept at manipulating their victims into giving up sensitive data by hiding malicious messages and attachments in places where people aren’t very judicious (for example, their email inboxes). They use cunning communication, generate a sense of need and false confidence to deceive people, and even use psychological tactics to convince their targets to act before they think.

5. Taking a proactive approach to cyberattacks can help me protect my information online 

TRUE: You can follow these guidelines to protect yourself against phishing:

• Inspect the sender’s email address. Is everything in order? A misplaced character or unusual spelling could signal a forgery.
• Be wary of emails with generic greetings (“Dear customer”, for example) that ask you to act urgently.
• Look for the sender’s verifiable contact information. If in doubt, do not respond. Start a new email to reply.
• Think twice before clicking on unexpected links, especially if they direct you to log into your account. To be safe, log in to the official website.
• Avoid opening email attachments from unknown senders or friends who usually don’t send you attachments.
  Install a phishing filter for your email apps and enable spam filtering on your email accounts.

To learn more about Microsoft Security solutions, visit our website, bookmark this site to keep up with our expert coverage of security issues. Also, follow us on social media for the latest cybersecurity news and updates.