Browsing the Internet, as fun and useful as it is, puts you at risk of all kinds of scams and online attacks.
Don’t worry, though: all it takes is a little knowledge and carefulness. In today’s guide we’ll show you how to prevent phishing attacks and steer clear of such attempts.
What is phishing? It’s a scam method primarily based on social engineering. Its goal is simple: trick you into installing viruses or giving away sensitive details, such as your personal data or bank log-in credentials, so that a malicious actor can use them to gain profit at your expense.
Scammers usually pretend they’re representatives of your bank, for example, and they’re often very convincing at it. They can also create almost exact copies of popular websites, which can then be used to steal log-in and credit card data.
All this doesn’t mean that you’re defenseless against scam attempts. Read on to find out how you can protect yourself from such online threats.
Know your enemy: phishing attack types
Social engineering is in fact at the heart of every phishing attempt, but there are different methods of scamming people this way, as well as goals which fraudsters want to achieve.
Posing as a representative of a bank or other institution (such as the police, for example) to get your money is one kind of phishing.
Whaling (AKA executive phishing or CEO fraud) is aimed at top executives of major companies and institutions, and is carried out through carefully crafted fake e-mails.
Spear phishing is somewhat similar to the previous concept, as it targets specific individuals, groups, and organizations, instead of the general populace.
Vishing (voice phishing) involves all those phone calls where scammers pose as legitimate representatives of various institutions, trying to coerce their target to either give away their sensitive information or perform an action which will then result in them losing their money, for example.
Smishing (SMS phishing) is similar, but the method used is fake text messages posing as legitimate ones.
Pharming is based on installing malware on the victim’s computer. This nasty stuff then redirects the user to fake websites instead of the real ones.
Domain spoofing is posing as a legitimate website with an address as similar to the real thing as possible.
Man-in-the-middle (MITM) attacks are where the cyber-attacker inserts themselves between two communicating parties. Jake and Linda might think that they’re messaging each other, but there might be a malicious actor in between them, controlling the conversation.
How to protect yourself from phishing attempts
Now that you know what kinds of phishing attacks there are, it’s time to learn what you can do to prevent them and protect yourself from scammers.
First off, be sure to use 2-Factor or even Multi-Factor Authentication when logging in to various services. Not only will it improve your security, but you’ll also know when someone unauthorized is trying to access your account.
Second, be sure to update your operating system and software regularly. Older versions often have lots of known security holes and faults which can then be exploited by malicious actors. Don’t give them hope.
Third, be on the lookout for all sorts of red flags in the e-mails you receive. Pay close attention to the following:
- Messages with a sense of urgency – if you get an e-mail asking you to do something quickly, or else something bad will happen or you’ll miss an opportunity that is too good to be true, be extremely careful. This is often used for a psychological effect, which is one of the main foundations of phishing.
- Typos, grammatical errors, bad formatting, etc. – if you see these in an e-mail coming from a seemingly reputable institution, beware. Small slip-ups happen, but if you see something written in broken English, for example, you can be pretty much 100% sure that this is a fraud attempt.
- E-mails sent outside of your typical business hours – if you get something from your colleague at an unusual time of day (or night), this is a moment to reach out to them, preferably in person or via phone, to confirm whether the message came from them or not (most likely it didn’t).
- Suspicious links and attachments – don’t download anything that looks sketchy, especially when the file extension is weird. Don’t click on any links without hovering over them with your cursor to check the address first. Still, you’ll probably be better off not clicking it, anyway.
In general, whenever anyone you know sends you an e-mail with requests for money, for example, ask them in person if it is really them. Their social media or e-mail account might have been compromised and taken over by a scammer, so it’s good to make sure everything’s alright.
Whenever you’re shopping on marketplaces, be extremely cautious when someone, say, wants to buy your item and sends you some links via a private message to “transfer” funds to you. Usually, they insist on hurrying up (sense of urgency).
It’s one of the most common methods of stealing money from people. Regular folks will only use the payment options provided by the platform. Remember: NEVER use any external links or payment methods sent to you via a private message!
One more thing: it’s easy to make a typo in the address of a website you’re frequently using. The problem is that there might be fake versions of these sites on the Internet and you might accidentally end up on one of them.
See if there’s a padlock icon next to the link and re-read the address to make sure it’s the legit website.
Also, never google any bank or marketplace website. Input the address manually.
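The "re-read the address" check above can also be automated; the sketch below is an added example, not part of the original guide. It compares the hostname of a link against a short list of sites you actually use and flags near-miss spellings, a trusted name buried inside another domain, and punycode labels. The trusted domains and function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user actually banks and shops with.
TRUSTED = ("example-bank.com", "example-market.org")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    # urlsplit() returns the real host even when the URL carries a
    # misleading "user@" part, e.g. https://example-bank.com@other.test/
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"          # no scheme or no host in the link
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "punycode"         # may render with look-alike characters
    for t in TRUSTED:
        # Trusted name used as a subdomain of somebody else's domain.
        if host.startswith(t + ".") or "." + t + "." in host:
            return "embedded"
        # Compare the registered part of the host with the trusted name.
        tail = ".".join(labels[-(t.count(".") + 1):])
        if edit_distance(tail, t) <= 2:
            return "lookalike"    # one or two characters off
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.com.account-verify.net/",
                 "https://example-bank.com@login.test/"):
        print(f"{classify(link):10} {link}")
```

Anything other than "trusted" means the address should be typed in manually rather than followed.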
Stay safe online
As you can see, it turns out that while there are many things you can do to avoid being scammed, both the weakest and strongest link here is yourself. Remember: be careful out there, avoid deals that are just too good to be true, take your time to check the e-mails for any red flags, and educate yourself on Internet threats. This way you’ll ensure your safety online.
Until next time and stay safe out there!