10 Effective Tips on Preventing Phishing Attacks on Your Personal Data
Findings reveal that a whopping 76% of businesses reported being a victim of a phishing attack in 2018. Other reports indicate that 97% of people around the world are unable to identify a sophisticated phishing email.
If you’re wondering what phishing is, how to detect phishing attacks, and what phishing prevention best practices entail, you’ve come to the right place.
What Is Phishing?
Phishing is a cybercrime technique in which criminals use platforms such as email, mobile, websites, and social networks to send communications to people. These communications are specially created to steal sensitive information such as personal data, bank account details, credit card details, internet banking passwords, and so on.
This information is then misused for malicious reasons such as obtaining someone else’s details deceitfully, identity theft, hacking (and consequently paralyzing) computer systems, procuring confidential trade secrets, and accessing data crucial to national security.
“Phishing” is pronounced as “fishing,” which directly refers to an angler throwing a baited hook with the hope that the target will bite. “Ph” actually points to hacker spelling and is thought to be influenced by the word “phreaking” or “phone phreaking,” which was an early form of hacking. The term “phishing” came into existence in the mid-90s when hackers targeted AOL users for their login details.
What Are the Types of Phishing Attacks?
Unfortunately, several types of phishing attacks exist and scammers may employ any that helps them meet their objective.
Perhaps the most common type of phishing attack is a malware attack, in which the malware is hidden in a link that prompts a download. The downloaded file enables the hacker to gain control of the user’s computer and perform several actions such as holding the device hostage, stealing user information, and spying, among others.
Another widespread type of phishing attack relates to credential harvesting, wherein criminals mimic renowned brands and try to lure their victims with fake offers in an attempt to retrieve their passwords and bank information. This is typically followed by extortion and spear phishing.
Here are some shocking statistics about the prevalence of phishing.
- In 2018, phishing attacks became the leading cause of data breaches, with payment processors emerging as the most targeted business.
- In Q3 2018, phishing attacks grew by 27.5%.
- In 2018, phishing and fraud increased in October, November, and December, with occurrences exceeding 50% from the annual average.
- A report from the same year found phishing to be the root cause of 48% of breach cases.
How to Detect Phishing Attacks?
While scammers make it a point to upgrade their phishing tactics from time to time, there are certain signs that can help you detect a phishing attempt, if you are alert.
Phishing messages typically look like they have come from a well-established and trusted company such as a bank, a social network, an e-commerce store, or an online payment portal. These messages often follow a pattern: they tell you a story to trick you into clicking a malicious link or downloading/opening an attachment by saying that:
- They have noticed suspicious activity or log-in attempts into your account
- There is a problem with your account or your payment information
- You are required to confirm some personal information
- They have sent you an invoice
- You are required to click on a certain link to make a payment
- You are eligible to receive a huge monetary refund
- You are entitled to a coupon for freebies
Some prominent red flags to watch out for in phishing messages include:
- Poor grammar and punctuation
- Illogical flow of content
- Unprofessional imagery
- Request to enter/verify sensitive personal information
- Alarming messages about your account, meant to create a sense of urgency and make you take immediate action
- Mention of a pending deadline, expiration of services or policies, or limited-period discounts
- The offer of unrealistically high monetary rewards or prize money for a contest you never entered
Scammers are not related to the companies they pretend to be in any way. Their messages can have major consequences for people who give them their sensitive information.
How to Prevent Phishing?
Now that you know how to detect phishing messages, it’s time to learn how to prevent phishing. Below are some helpful phishing prevention best practices you should follow to keep yourself safe.
- Check out Every Link’s Final Destination
We all receive promotional emails on a daily basis from a variety of sources. These emails usually have messages and links mentioned in them. However, just because these links look like normal hyperlinks does not mean their destination is genuine.
To figure out if a link is authentic, use this effective phishing email detection technique: Hover your mouse over the link and check out the link’s destination on the lower-left corner of your browser. This will reveal the real destination, even if the text says something else.
You also have the option of manually typing the URL in a new search bar.
- Watch out for Shortened Links
Scammers shorten their malicious links in an attempt to make them look like words users are already familiar with. It is known that most brands use link-shortening tools on social networks as they help reduce the character count, and the messages look crisp rather than wordy. Cybercriminals use this to their advantage and provide shortened links that lead to a fake landing page. It is best to avoid opening such links.
- Shun Public Networks
Email communication over public networks is often not encrypted. Spammers can use this limitation to dig out your sensitive information such as login IDs, passwords, credit card numbers, and so on. They can also set up free hotspots to trick you into providing your information without any data-digging technology.
It is always safer to use your mobile phone’s tethering and hotspot capabilities to work with its data connection rather than use open public networks.
- Beware of “Urgent” Deadlines
Know that no business or bank will ever ask you for your personal data via email or text messages (or even a phone call), let alone ask you to take “urgent” action by providing false deadlines and using an intimidating tone.
If you do receive such a message, call the company directly (not on the number provided in the email, which can be phony) and inquire. You can also head to their website to gain further clarity. Once you’re certain that it is a sham, mark the email as spam and delete it.
- Go Only for Secure Websites
You may have noticed that some websites start with http://, while others start with https://. Here, the letter “s” (which is accompanied by a little lock icon) indicates that the website is safe for browsing and purchasing. Always look for the “s” in website URLs, especially when it comes to e-commerce and banking portals.
- Change Your Passwords Often
We’re often warned against the perils of not changing passwords frequently. We also get advisories on the importance of not using the same password more than once. This advice is to be taken seriously.
Changing passwords every now and then is crucial to your online security. Also, make sure to have a unique and strong password for each account.
- Ban Remote Access to Your Computer System
Do not allow anyone (even those claiming to be from reputed cybersecurity firms and keen to help you install free software) any kind of remote access to your computer. Never install any software/program from an unverified source either.
- Set Up Two-Factor Authentication
Nowadays, most organizations offer two-factor authentication as an extra layer of security. Sign up for this whenever possible.
- Trust Your Instinct
If you get an email and feel something about it is off, trust your instinct and avoid it. Do not click on unknown links, download suspicious files from unknown sources, or open their attachments.
- Report It and Fortify
This one’s simple. If you’ve identified a phishing email, report it by forwarding it to the relevant authorities. For future security, invest in the right technology to safeguard your computer systems and sensitive data. Think beyond antivirus software and go for measures that enable multi-dimensional threat detection and risk management.
It is always advisable to take cybersecurity seriously and secure your systems from malicious online activities. Steps such as changing your passwords and using the right technological aids will prove to be immensely helpful. The sooner you have them in place, the more protected your information will be.
If you need help with making your systems secure to thwart cyberattacks, do not hesitate to get in touch with the experts at InsideOut Networking. We will be happy to help you reinforce your online security.
I’m Dave Goodenough. I started InsideOut Networking in 2004 with the idea that if we could cut through all the jargon and tech speak and just have real conversations about computers and technology, we could help a lot of people out and develop long-term relationships with our clients.
Today, we have over 2,500 clients who trust us to make sure their computers are always up to date and protected from security threats, allowing them to do exactly what they need.