Being a cybercrime victim is discouraging, frustrating, and often costly. While hackers are trying to conquer the planet, security measures should be getting tougher. Phishing, ransomware, DDoS, malware, XSS… Facing these attacks could be just a matter of time, unless you take preventive measures.
According to Hostingtribunal, phishing is the leading cause of data breaches. Almost 1.5 million new phishing sites appear every month. Who stands between the cybercriminals and your precious data? That all-powerful Jedi is you.
What is a Phishing Scam?
Phishing frauds are aimed at stealing information by fooling you into thinking that you are sharing it with a reliable partner. Hackers create messages that appear similar to what you’d receive from trustworthy companies.
These messages look like they come from a bank, a credit card company, a social networking platform, an online payment site, an online store, etc.
The goal is to get you to click a dangerous link. The link leads you to a website that looks highly respectable. If you drop your guard and enter login, credit card or other private information, it goes directly into the hackers’ hands.
Ironically, phishers usually take advantage of your fear of a security breach. The dangerous email is likely to say something similar to:
- Your password was compromised, click this link to change it.
- There was a suspicious activity on your bank account, log in to confirm.
Phishing emails can also look like routine password change or information update requests. For example, you could get an email from a software provider asking you to extend the subscription by entering payment information.
While the majority of attacks come via email, they can also be disguised as instant messages, social media notifications, and search engine ads. The one thing all of them have in common is a link to a website that asks for private information (login credentials, sensitive financial data).
The majority of phishing frauds can be prevented by taking proper security steps, none of which are complex. Let’s take a look at what you can start doing today.
1. Use a Password Manager
Password managers fill in login information automatically when you visit secure sites. If a website is a phishy replica, the password manager won’t recognize it. If you are visiting a seemingly familiar site, but the manager isn’t filling out the information, it should raise a red flag.
Meanwhile, password managers allow you to use long and complex passwords, thus protecting you against other types of cyberattacks.
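The matching described above can be sketched as follows. This is an added example, not code from the original article or from any particular password manager; the vault entry and all URLs are constructed. The username is released only when the scheme, host and port of the page match the saved entry exactly.

```python
from urllib.parse import urlsplit

# Constructed vault: saved origin -> username (hypothetical data).
VAULT = {("https", "www.examplebank.com", 443): "alice"}
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        scheme, host = parts.scheme.lower(), parts.hostname
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # Internationalized names are compared in ASCII (punycode) form,
        # so a look-alike letter from another alphabet never compares equal.
        host = host.encode("idna").decode("ascii").rstrip(".")
        port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    except (UnicodeError, ValueError):
        return None
    return (scheme, host, port)

def autofill(url):
    """Return the saved username on an exact origin match, otherwise None."""
    return VAULT.get(origin(url))

if __name__ == "__main__":
    for url in [
        "https://www.examplebank.com/login",                # the saved site
        "https://www.examp1ebank.com/login",                # digit 1 instead of l
        "https://www.examplebank.com.verify.example/",      # real name as a subdomain
        "https://www.examplebank.com@phish.example/login",  # real name as userinfo
        "https://www.ex\u0430mplebank.com/login",           # Cyrillic look-alike letter
        "http://www.examplebank.com/login",                 # no HTTPS
    ]:
        print(f"{autofill(url) or 'NO AUTOFILL':12} {url!r}")
```

Only the first URL gets a filled-in username; every replica leaves the login form empty, which is the red flag described above.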
2. Look for the Padlock
Secure websites have SSL certificates: their addresses start with HTTPS, and a padlock icon appears next to the address bar. All websites that ask you for private information must be secure. If the padlock is missing, don’t share.
3. Install an Anti-Phishing Toolbar
Anti-phishing toolbars are available as browser add-ons or plugins. These tools check each website against lists of safe and fraudulent sites to evaluate its phishing potential.
While these toolbars don’t offer 100% protection, they can be an excellent weapon in your hacker-slaying arsenal. They do a fairly good job of identifying the majority of replica websites.
4. Don’t Click
Here is an easy one for you. When in doubt, don’t click links embedded in emails. If you get one of the “security breach” or “password update” emails, take the time to figure out where it came from. Remember, financial institutions rarely ask for any information via emails. If something is wrong with your bank account, you are likely to get a call.
If your software is about to expire, you are likely to be notified within the program rather than by an email.
In case an email asks you to change a password, don’t click the link. Use the browser to go to the company’s main website directly. When in doubt, give the company or a financial institution a call.
5. Update Your Software
By keeping all of your software updated, you are protecting yourself from different types of attacks. The majority of antivirus programs have some type of built-in phishing protection.
While antiviruses warrant specific attention, the rest of your software needs regular patching as well. Besides, if you keep your software updated, you’ll know that “the outdated software” emails are a phishing attempt.
6. Know Your Enemy
With time, phishing scams get more and more sophisticated. The more effort we make to fight them, the harder hackers work to breach our defenses. That’s why it’s important to keep an eye on how phishing scams develop and to update your methods of combating them.
Your IT administrators could arrange security awareness training and simulate phishing attacks to prepare you and your employees for a breach attempt. You have to stay on top of the latest security developments and work out an education program for your staff.
7. Read Carefully
Phishing emails tap into your fear of losing money and compromising information. They are likely to be filled with scary messages about the upcoming apocalypse (read: lost money, stolen passwords, compromised private data).
Respectable companies don’t create alarming emails. Just the opposite, they try not to scare their clients into making rash decisions. So if you see too many distressing and disturbing sentences, they should raise a red flag.
Meanwhile, look for grammar and spelling mistakes. Reliable companies and financial institutions pay formidable amounts to copywriters and editors. If you see a typo or a missing comma, beware. The email is likely to be a scam.
8. Beware of Shortened Links
Shortened links that don’t show the full name of a website are an excellent phishing weapon. Hackers use them to redirect you to replica websites. Before clicking such a link, place your cursor on it to read the target location’s real address.
Stay Safe by Acting Smart
Messages with links warrant a little paranoia. Don’t feel self-conscious about waving your lightsaber at a fly. The little insect could be a Sith Trooper in disguise.
If you need assistance with phishing scam protection or IT support information, please contact us today. We can help keep your galaxy safe!