Prevention

Phishing remains a major threat. In the second half of 2024, email-based phishing attacks surged by 202%. Alarmingly, most of these attacks used link-based tactics, and 80% of the malicious links were categorized as zero‑day threats, meaning they exploited computer vulnerabilities before patches could be applied. During peak periods, users encountered an average of three to six phishing threats per week.

What makes these scams so effective is their increasing sophistication. Emails often look authentic enough to fool even careful users, containing only subtle hints — such as slightly off-color logos or minor spelling errors — that betray their true nature.

Phishing comes in many forms. Traditional email phishing remains widespread, using urgent language or requests for personal information to prompt hasty responses. Spear phishing takes this a step further by targeting specific individuals or organizations with personalized and convincing messages. For example, a spear phishing email might appear to come from your employer or a supervisor.

Voice phishing, or vishing, involves phone calls from scammers posing as trusted institutions. Smishing delivers similar scams via text messages. A recent example is the “unpaid toll” scam, where victims receive texts claiming they owe money and are directed to fraudulent payment sites.

Even seemingly safe emails can pose a threat. Email spoofing allows scammers to create fake email addresses that appear legitimate, a tactic made possible by vulnerabilities in email protocols.

Social media phishing has become a fertile ground for scammers, who use enticing links, fake customer service accounts, or even contests and surveys to steal sensitive information.

Another common tactic is HTTPS phishing. Scammers create URLs that look secure, using familiar https:// formatting to lure users into clicking links that lead to malicious sites.

Tax season brings its own dangers. The IRS’s annual “Dirty Dozen” list of tax scams warns about fraudsters offering to help taxpayers set up online accounts or claim credits they don’t qualify for. These schemes often lead to stolen personal information and fraudulent returns.

Protecting your identity and data

This list is not exhaustive. To stay safe, remember the following:

• No legitimate agency or business will ask for personal details by email, text or phone.
• Always verify suspicious messages by contacting the organization directly, using information from their official website.
• Check email addresses carefully, and never click links or open attachments unless you’re certain of the sender.

Cybercrime is evolving, but awareness and caution remain our best defenses. By staying informed and vigilant, you can protect yourself from even the most convincing scams.

©YC Partners 2026