For those of you that don't know, phishing is essentially the process of stealing a user's confidential information, such as passwords, personal details, bank details etc, through deceptive practices.
Initially, emails were the primary method adopted by such individuals; however, with the growing popularity of social media networks and Smartphones, the various methods of attack have started to expand.
The most common phishing attack entails sending an unsolicited email to an end user, this email will usually contain a link to another website (such as PayPal or Facebook), however, when the user clicks on the link, unbeknownst to him/her they will be taken to a counterfeit site, where they will be asked to input their confidential details.
Other forms of phishing attacks are as follows:
- SMS asking you to submit confidential information.
- Hackers sending private messages to users on Facebook that contain a link to a counterfeit Facebook site.
1. Learn How to Identify Phishing Emails
There are a number of qualities that if one is aware of; they can use to identify such emails. These are the following:
- The email will ask you to click on a link to go through to an official website. Most companies, especially those that retain sensitive data, will ask you to put the URL into the address box manually.
- The email will make a claim that your membership or access to a particular service has expired, despite the fact that you do not have an account with that particular service.
- The email address of the sender will have an unusual mix of characters and numbers in it.
There's nothing wrong with you, when click on links on sites that you know and trust. However, clicking on links found in instant messages and unsolicited emails may not always be the best idea. The vast majority of phishing attacks comes through hyperlinks, which is why it's important you're cognizant of everything you click on. Try hovering over links before clicking on them, that way you can make sure it leads to where it's supposed to.
3. Only Send Personal Information over the Phone or Secure Websites
When attempting to purchase or access a service over the internet, always look for a sign that the website is secure, such as the "https:", where "s" standards for "secure", rather than the typical "http:" websites.
You should also be aware of the many phone phishing scams out there. Never divulge any personal information over the phone, unless you were the one that initiated the phone call. You should also be doubly cautious when asked to phone a specific number in order to update your account details.
4. Regularly Check Your Online Accounts
If you haven't visited an old account in a while, it's quite possible that someone may have accessed it and could be doing all kinds of nasty things on it. This is why it's very important you regularly check all your accounts and also get into the habit of regularly changing your passwords.
5. Be Wary Of Pop-Ups
Pop-ups appear on your screen masqueraded as legitimate components of the website you are on. But in many instances these pop-ups are in fact phishing scams. The best internet browsers have built in pop-up blockers, while others allow you to determine when to allow and when to disallow pop-ups. If one of these pop-ups happens to get through the pop-up blocker, it's very important that you click on the "X" in the upper corner of the applet window, as opposed to clicking on any buttons within the pop-up ad itself.
6. Using Internet Security Software
There are hundreds of reasons why you want internet security software to be running on your computer. Many of these security applications have special signatures which are designed to protect your computer against phishing scams and the like. Just make sure you're regularly updating it. New definitions are always being added to these applications, as hackers are constantly thinking up new ways of infiltrating your system.
7. Watch Out For Unsolicited Emails
Fraudulent emails are typically general in nature, unlike your authentic email, which will usually be accompanied with a reference number and some of your personal details. The vast majority of phishing emails use Dear Sir/Madam, as opposed to the user's real name.
8. Be Careful When Opening and Downloading Files in Emails
It's not uncommon for a user's computer to be infected with a virus, Trojan, or worm, the moment they open an attachment from a solicited or unsolicited email. If you do decide to open an attachment in an email, make sure you have your security software enabled, that way, if it is a virus, it will be caught and quarantined.
9. Create a Complex Email Address
When you create a complex email address, it makes it considerably more difficult for hackers to auto-generate your email using their hacking tools. Such actions are then followed up with email spamming and targeting for other malicious activity. Although you want the email to be complex, you still want it to be something that you can easily remember. You want to combine numbers and letters together, you could also use numbers as a substitute for certain letters, such as the following firstname.lastname@example.org.
10. Never Fill Your Personal Details into a Pop-Up
I've already written about the various pitfalls and risks in clicking on pop-ups. That said, not every pop-up is a potential phishing scam; many of them are pretty legitimate. That said, you should never part with your personal details when dealing with a pop-up as discernment between a legitimate and illegitimate one can be quite difficult.