Simple ways you can protect yourself from phishing attacks
These top tips will help you stay safe from all types of phishing attacks.
A report by the Anti-Phishing Working Group revealed a significant rise in the number of phishing attacks. This is a serious problem that poses a significant risk to both individuals and organizations. For example, there were more attacks in Q1 2016 than in any other quarter in the history of the Internet.
It’s important to know that these types of attacks will not go away soon. Our Top 5 Guide can help you stop these criminals.
Let’s start with a quick overview of phishing. (For more information, see this expert feature.) It’s a method of identity theft in which cybercriminals attempt to convince users to give up their sensitive and personal information. Phishing has been around for many years, in some form or other, via phone calls or physical letters.
Cybercriminals often use phishing attacks after a breach. This was true for the Anthem and eBay data breaches. In these cases, criminals sent warnings to victims advising them to change their passwords and directing them to a fake site in an effort to steal their information.
Some information security professionals believe that phishing attacks are a way for cybercriminals to gain access to an enterprise and launch sophisticated attacks. After all, humans are increasingly considered the weakest link (insider threats are a major problem), and therefore the most attractive target for criminals trying to infiltrate an SME or enterprise.
Two Ways to Protect Yourself From Phishing Scams
1. Phishing attacks can be dangerous, so be careful
By being smart and sensible online, you can reduce your chances of falling prey to phishing attacks.
Bruce P. Burrell, ESET’s director of security, advises that you never click on links, download files or open attachments in emails. This applies to social media as well.
If you are not certain that the email is genuine, don’t click on any links to visit a website. If in doubt, open another browser window and type the URL in the address bar.
Emails asking for confidential information should be avoided, especially if they ask for banking or personal information. Legitimate organizations, such as your bank, will not send emails requesting sensitive information.
2. Be on the lookout for shortened links
Shortened links should be watched closely, especially when you use social media. Cybercriminals often use these links, from Bitly or other shortening services, to fool you into thinking you are clicking a legitimate link.
To verify that you are being sent to the correct website, you should always hover your mouse over the link in an email.
These fake sites can be used by cybercriminals to steal your personal information or carry out drive-by download attacks, infecting your device with malware.
FAQ Phishing Scams
Is that email suspicious? It is worth reading again
Many phishing emails are quite obvious. These emails will contain lots of punctuation marks, exclamation marks and words in capitals. You may also see an impersonal greeting, such as the ‘Dear Customer’ or ‘Dear Sir/Madam’ salutations, or improbable and often surprising content.
Cybercriminals often craft these emails to contain mistakes, sometimes even in an attempt to bypass spam filters and improve responses. This is done to weed out ‘smart recipients’ who don’t believe the con.
It has been reported that China’s PLA Unit 61398 is known to spend time observing how many people open and interact with their most phishing emails.
Avoid threats and deadlines
Sometimes, a company that is trustworthy may need you to act quickly. In 2014, eBay requested that its customers change their passwords immediately after its data breach.
This is an exception, however. Usually, threats and urgency, especially if they come from a company that claims to be legitimate, are signs of phishing.
These threats could include notices about a possible fine or an instruction to take action to prevent your account from being closed. Do not be intimidated by these scare tactics. Instead, contact the company via a trusted channel.
Surf securely with HTTPS
When browsing the internet, you should use https://.
Public, unsecure Wi-Fi should not be used for banking, shopping, or to enter personal information online. Safety should always prevail. If in doubt, you can use your mobile’s 3/4G/LTE connection.
A side note: It should be easier for people to identify dodgy and unsecure websites. Google, for instance, is planning to take action by labeling any sites that don’t offer adequate protection.