10 Tips to Prevent Phishing Attacks

April 6, 2017


Phishing is a technique that involves deceiving the user in order to steal their confidential information such as passwords and personal data. This is done by tricking the user into thinking they are on a confidential site. So far, hackers have primarily used email to launch these sorts of attacks, but now, with the widespread use of social media networks and internet-connected mobile devices, these types of attacks are multiplying.

Often the emails include a link that diverts the user to a site that is thought to be confidential and safe, but is merely an imitation site with zero security and privacy. Users who do not have adequate virus protection or proper protocols in place to fight off these attacks could be caught in the middle of the onslaught. Many times phishing attacks make promises of great jobs, free products, or easy ways to make money, which attract a variety of people. The question is: how can we prevent these types of phishing attacks?

Here are 10 Tips to Prevent Phishing Attacks:

1. Learn to Identify Potential Phishing Emails

There are some phishing qualities that can be immediately identified through an email. They typically duplicate the image of a real company. They copy the name of a company or even employees from a company. They include sites that are similar to a real business, but not the same. They promote gifts or free money or even tell the user that their existing account is going to expire. It is important to check these sites against official sites through research.

2. Check the Source of the Information from all Incoming Mail

A bank will never ask a customer to send passwords or personal information by mail. A user should NEVER respond to these types of questions. If there is even the slightest of doubts, a user should contact their bank directly for clarification.

3. Do Not Go to a Bank’s Website by Clicking on Links Included in Emails

A user should never click on hyperlinks or links attached in the email. These links may lead directly to a fraudulent website. It is best practice to type the URL directly into the internet browser or use the bookmark/favorite functions to get to sites faster.

4. Enhance Computer Security

Common sense and good judgement are as vital as keeping the computer itself protected with a good antivirus to block these types of attacks. In addition to antivirus programs, continuously updating the operating system and web browsers will help as well.

5. Enter Sensitive Data into Secure Websites Only

In order for a site to be considered “safe”, its address must begin with ‘https://’ and the browser should show an icon of a closed lock. If a website does not have this information, it is not secure.

6. Periodically Check Accounts

Check bank accounts periodically to be aware of any irregularities in online transactions.

7. Phishing is Not Limited to Online Banking

Most phishing attacks are against banks and bank account information. However, hackers can also use any popular website, such as eBay, Facebook, or PayPal, to steal personal data. Be aware of all internet activity, especially social media.

8. Phishing Speaks All Languages

Phishing has no boundaries, and can function in any language. In general, phishing messages are poorly written or badly translated, which serves as another indicator that something is wrong. If a user has never had their bank website in Spanish, why would their statements now appear in that language?

9. If There is Even a Sliver of Doubt, Do Not Risk It

The best way to prevent phishing is to consistently reject any email or news that asks for confidential data or secure information. A user should delete all emails that look like that and clarify any doubts with their bank.

10. Stay Informed About the Evolution of Malware

Keep up to date on security-related news in order to know the latest information regarding malware and internet safety. There are many websites that offer current news on internet-related matters.

How to Deal with Phishing Scams:

Identifying a phishing scam is half the battle. Learning to adequately deal with them to ensure they do not continue to plague emails is a feat in itself. The first thing that needs to be done is immediately deleting the email or text message that is asking to confirm personal information or provide sensitive data (such as credit card numbers, social security numbers, passwords, etc.). A legitimate company will never ask for this information over an email or text message. Before you delete the email, absolutely do not reply to it, click on any links, or call any phone numbers associated with the message. These types of messages are meant to direct users to spoof sites, where personal information can be more easily obtained.

Where to Report Phishing Emails:

Before you delete the email, immediately forward it to as well as to the company itself that the email or site is attempting to mimic. You can also report phishing emails to The Anti-Phishing Working Group utilizes these reports to counter phishing attacks. If a user already feels they have been tricked by a phishing email, they should file the report with the Federal Trade Commission at They should also review the Identity Theft website from the FTC. Many phishing attacks lead to identity theft.



