What are phishing attacks, and how do you recognize scam emails? With these tips, you shouldn’t have any trouble protecting yourself from all kinds of phishing attacks. As a report from the Anti-Phishing Working Group (APWG) revealed earlier this year, there has been a notable increase in phishing attacks. It is a widespread problem that carries a huge risk for individuals and organizations (for example, there were more attacks in the first quarter of 2019 than in any other quarter in history).
Needless to say, that’s something we all need to be aware of, as these types of attacks won’t go away anytime soon (if ever). But don’t worry, as our guide will help you keep these criminals at bay.
Before we delve into it, here is a brief overview of what phishing is. In short, cybercriminals, or phishers, not only try to steal the identity of anonymous people but also take advantage of the dismissal of employees to obtain confidential information of any company. Interestingly, phishing, in one form or another, has been around for years through phone calls and even scams sent by physical letter.
Some security professionals now believe that cybercriminals see phishing attacks as an effective (and easy) way to break into a business and launch more sophisticated attacks. After all, humans are increasingly seen as the weakest link and therefore the most effective target for criminals looking to infiltrate a business or SME.
Follow the tips below to stay better protected from phishing attacks.
1. Be sensible when it comes to phishing attacks
You can significantly reduce the chance of being a victim of phishing attacks by being sensible and smart as you browse online and check your emails.
For example, as ESET’s Bruce Burrell advises, never click on links, download files or open attachments in emails (or on social media), even if they appear to be from a known and trusted source.
You should never click on links in an email to a website unless you are absolutely sure it is genuine. If in doubt, you need to open a new browser window and type the URL in the address bar.
Be wary of emails that request confidential information, especially if they are requesting personal data or banking information. Official organizations, including and especially your bank, will never request sensitive information via email.
You should pay particular attention to shortened links, especially on social media. Cybercriminals often use these – from Bitly and other shortening services – to trick you into thinking that you are clicking on a regular link, when in fact you are about to be inadvertently directed to a fake site.
You should always hover over a web link in an email to see whether it actually sends you to the right website, i.e. whether what appears in the text of the email is the same as what you see when you pass the mouse over it.
Cybercriminals can use these “fake” sites to steal your personal data or perform a drive-by-download attack, thus infecting your device with malware.
3. Does that email look suspicious? Read it again
Many phishing emails are fairly obvious. They will surely have a lot of typos, capitalized words, and exclamation marks. They may even have an impersonal greeting – think of those greetings “Dear Customer” or “Dear Sir/Madam” or present implausible and generally surprising content.
Cybercriminals often make mistakes in these e-mails… sometimes even intentionally to bypass spam filters, improve responses and eliminate “smart” recipients who will quickly realize that it is a scam.
4. Be wary of threats and urgent deadlines
Sometimes a trustworthy company needs you to do something urgently. For example, in 2018, eBay asked its customers to quickly change passwords after a data breach.
However, this is an exception to the rule; usually, threats and urgency – especially if they come from what claims to be a legitimate company – are a sign of phishing.
Some of these threats may include warnings about a penalty or advising you to do something to prevent your account from being terminated. Ignore scare tactics and contact the company separately via a known and trusted channel.
5. Browse securely with HTTPS
You should always, wherever possible, use a secure website (indicated by https:// and a security “lock” icon in your browser’s address bar) to browse, and especially when you submit sensitive information online, such as your credit card.
Never use unsecured public Wi-Fi for banking, shopping, or entering personal information online (convenience should not come before security). If in doubt, use the 3G/4G or LTE connection of your mobile phone.
Phishing remains the most popular online con and has long been a very effective method for scammers to steal people’s sensitive data. “One percent of the emails sent today are phishing attempts,” according to Jigsaw data.
In fact, many incidents start with a user simply clicking on a malicious link or opening a dangerous attachment which is commonly delivered via email or social media.
While email filters do a good job of recognizing many of these scam attempts, some fraudulent emails will continue to pass. This is where phishing-spotting skills can be critical, as can anti-phishing protection which is commonly part of reliable security software.
I recommend enabling two-factor authentication (2FA) where possible if you haven’t already.
The added factor offers a valuable extra layer of protection in exchange for minimal effort. It’s best implemented via a dedicated hardware device or delivered via an authentication app, rather than via text messaging (although SMS is still better than nothing).