According to a recent survey (1) released by Ponemon Institute, the financial impact of phishing scams quadrupled during the past six years. In 2021, the average US company spent $14.8 million on phishing scams, including employee education, loss of productivity, and illicit payments made to hackers. This number compares to $3.8 million in 2015. What is a phishing scam and how can you avoid becoming the victim of such an attack?
A phishing scam is an unethical and malicious act of tricking unsuspecting users into providing personal information via email, text messages, or phone calls. Cybercriminals, more commonly known as hackers, use sophisticated techniques to obtain sensitive information in an effort to steal a user’s identity, and ultimately their money.
Phishing scams have increased exponentially every year since 1995, the year they were first discovered. Based on data gathered by Valimail, 3.4 billion phishing emails are sent on a daily basis throughout the world. Valimail estimates that 90% of all data breaches are caused by a phishing scam. There is only one reason why phishing scams remain so popular among cyber thieves and hackers: they work. Twenty-eight years after their initial discovery, these scams continue to remain quite lucrative in the criminal underworld.
Phishing scams fall under the umbrella of cyberattacks. In addition to phishing scams, cyberattacks include identity theft, credit card fraud, SIM swaps, spyware, installation of malicious software, and bank fraud.
How to Avoid Becoming a Victim of a Phishing Scam or Cyberattack
According to data provided by ARK Invest, internet users spent 27% of their free time online in 2019. The number increased to 38% in 2021. By 2030, ARK Invest estimates that 52% of internet users’ free time will be devoted to online activities. As long as internet activity remains such an important part of our daily lives, we will be highly vulnerable to phishing scams and cyberattacks.
The best way to avoid becoming a victim of cyber theft is to remain vigilant. The overwhelming majority of these scams are preventable. Please review the most important steps you can take to avoid a phishing scam or cyberattack.
Download anti-virus software – During the past decade, anti-virus programs have become very reliable in preventing phishing scams and cyberattacks. The most popular software developers include Norton, Avast, AVG, McAfee, and Trend Micro. In addition to these companies, Microsoft provides a free downloadable anti-virus program. These programs are easy to install and provide a great first line of defense against hackers and cyber thieves.
Don’t open unknown email attachments – One of the easiest ways for a cyber thief to gain access to your personal information is by installing malware on your computer or mobile device. Malware is installed when you inadvertently open an infected email attachment. Once the malware has been installed, the damage is done. A simple way to prevent malware is never to open an email attachment from an unknown sender (2).
Use a reputable email provider – Email providers can substantially reduce your chances of becoming the victim of a phishing scam. These days, most email services employ spam-filtering software in an effort to reduce the amount of suspicious mail that is sent to your inbox. These spam filters are not perfect. However, they are quite helpful in removing harmful mail.
Two-factor authentication – During the past few years, an increasing number of websites have added two-factor authentication (2FA) as a line of defense against cyberattacks. Essentially, 2FA is an added layer of security that requires the website user to enter an ID code delivered to the user’s mobile device. 2FA goes beyond a simple password. If a hacker steals the user’s password, 2FA would thwart the hacker’s ability to steal information because the hacker must also have access to the user’s mobile device. 2FA has proven to be quite helpful in preventing scams and attacks.
Strengthen your passwords – All financial websites require the user to enter an ID code and password. Cybersecurity experts agree that using a weak password is the easiest way to become a victim of a cyberattack. The biggest mistake you can make is to use short passwords or passwords that contain common names and phrases. The best password is a mixture of uncommon letters, numbers, and symbols. Each password should be a minimum of ten characters. Passwords should be changed frequently.
Social Security website – If a cyber thief or data hacker steals your identity, one of the first places they visit is the Social Security Administration website. The SSA website contains a treasure trove of valuable personal information. The first line of defense against a cyberattack on the SSA website is to establish a user profile on the site, including 2FA. You can visit the website by clicking the following link: ssa.gov.
These are just a few simple steps you can take to minimize the likelihood of a phishing scam or cyberattack. Unfortunately, these scams and attacks will continue to be a major threat as we spend more of our lives online.
*If you are an Emerald Advisors client and think you have become a victim of a phishing scam or cyberattack, book an appointment.
(1) Jones, D. (2021, August 17). How much does phishing really cost the enterprise? cybersecuritydive.com. [online] Available at:
(2) Silverman, E. (2022, January 19). 7 security behaviors to protect yourself from hackers. zapier.com. [online] Available at:
Disclosure: Emerald Advisors, LLC is a registered investment adviser. Information presented is for educational purposes only and does not intend to make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies. Investments involve risk and, unless otherwise stated, are not guaranteed. Be sure to first consult with a qualified financial adviser and/or tax professional before implementing any strategy discussed herein. Past performance is not indicative of future performance.