Data collected by the Office for National Statistics (ONS) in England and Wales show that instances of computer misuse and fraud have increased in recent years, particularly since the onset of the COVID-19 pandemic and recent cost of living increases. But while bad actors are beginning to turn to phishing as one of their main methods of committing fraud, experts say that doesn’t mean people can’t take steps to minimize the chances of falling for those attempts.

“Overall, individuals need to make security part of the fabric of their everyday routines,” Jamie Moles, Senior Technical Marketing Manager at security firm ExtraHop, told Lifewire via email. “Everyone holds a level of responsibility in combating phishing attacks, and positive reinforcement, continuous education, and solid feedback loops are all key to making it stick.”

An International Problem

Phishing is the process by which bad actors attempt to gain access to your information by pretending to be someone else. It often involves an email or SMS message that urges you to log into an account, all the while directing you to a fake portal that collects real login credentials for fraudulent use later. Phishing can also be used to collect other personal information like credit card numbers and social security information.

While the figures collected by the ONS relate specifically to England and Wales, the growing number of phishing attacks is a global phenomenon. The ONS report notes that incidents of computer misuse increased by 89% for the year ending March 2022 when compared to the same period the year prior. But globally, the United States is the most-phished country of all, with 74% of companies saying they were affected by a successful phishing attack in 2020. The United Kingdom finds itself in the second spot, followed by Australia. The top five are rounded out by Japan and Spain.

Additional data shared by the Anti-Phishing Working Group (APWG) show that phishing had reached an all-time high as of December 2021—with attacks having tripled since early 2020. While these numbers focus on companies whose employees had their accounts compromised, rather than individuals, they do back up the ONS findings that things have gotten worse over the last two years.

Fighting Back

Experts like Moles believe that people can help reduce the chances of becoming a victim of phishing by taking more care when scrutinizing email messages that they receive. “Check the sender’s email address,” he said, noting that “this is often an easy red flag that users miss when they’re in a hurry, or it looks like the note came from their boss or CEO.” Phishing attempts are often made to look like they came from an authority figure, making potential victims less likely to question a request for information, for example.

Moles also suggests people carefully check any links that a message prompts them to tap or click. They might look legitimate, but slightly different spellings of popular domains (like micros0ft.com instead of microsoft.com) can sometimes give the game away.

Esther Maria Chamberlain, president of security and IT firm Acuity Total Solutions, believes that “diligence is needed to understand how different service providers may contact you.” When discussing phishing with Lifewire via email, Chamberlain suggested that people “should never feel pressured to stay on a call or message stream.” Any call initiated by a third party should initially be treated as suspicious because they might not be who they say they are.

“Situations involving [calls and messages] can be independently verified through the relevant company’s web page,” Patrick Sayler, principal security consultant at NetSPI, told Lifewire via email. If in doubt, call them back on a number known to be legitimate and not necessarily the one they called you from.

More generally, experts believe that a better knowledge of best security practices could also benefit people online. “People receiving considerably more phishing scams need to act smart to protect themselves online,” Jason Stirland, Chief Technical Officer at DeltaNet, told Lifewire over email. “They must understand how to protect their data online with basic password security principles.” That includes strong, unique passwords for each online account. And while it might not help with phishing specifically, it’s a step toward keeping personal information safer online—one that many fail to take.
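
The link check described above (micros0ft.com instead of microsoft.com) can be automated in a mail filter or browser helper. The following Python is an added example, not part of the original article; the allow-list, the character-swap table, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains this user really deals with.
KNOWN_DOMAINS = ("google.com", "microsoft.com", "paypal.com")
# Digits and symbols commonly swapped in for the letters they resemble.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})

def skeleton(domain):
    """Fold look-alike characters so micros0ft.com and microsoft.com compare equal."""
    return domain.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance: catches one added, dropped or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, imitated_domain) for the host a link really points to."""
    if "//" not in url:
        url = "//" + url  # let urlsplit parse bare "host/path" links
    host = (urlsplit(url).hostname or "").lower()
    # Simplification: last two labels; a real tool would use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if domain in KNOWN_DOMAINS:
        return ("trusted", domain)
    for known in KNOWN_DOMAINS:
        if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 1:
            return ("lookalike", known)
        if (known + ".") in host:  # brand used as a subdomain of another site
            return ("lookalike", known)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://login.microsoft.com/signin", "https://micros0ft.com/login",
                 "http://rnicrosoft.com", "https://gooogle.com/",
                 "https://microsoft.com.account-check.example/login", "paypa1.com/verify"):
        print(link, "->", classify(link))
```

The check compares the host the link actually resolves to, not the text shown in the message, and it covers ASCII swaps only; Unicode look-alike characters would need separate handling.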