Despite being among the oldest tricks, phishing is still used by attackers today. It is an attack method that tricks unsuspecting users into clicking on links or opening emails sent by an attacker. The attacker wants credentials, financial account details, social security numbers, and any other form of information that can be monetized. The worst outcome may be account takeover fraud: an attacker may perform nefarious acts while posing as the victim, or even take out bank loans that the bank may force the victim to repay. The scary part is that it can take some time to realize it is even happening.
Therefore, you must understand how phishing works, how to detect it, and how you can avoid it or even stop it in time.
Phishing Attack Prevention: How to Identify and Avoid Phishing Scams
How does phishing happen?
An attacker sends an email that appears to originate from a reputable company you have business relations with. Sometimes, the email may seem to come from a financial institution that you work with or even a government agency or a regulatory agency.
The email may warn you of a problem that requires you to take immediate action. It may carry a message like “Immediate attention required” or “contact us immediately regarding your account”. The immediate action may also be that you change your password. The phishing email then encourages you to click the provided button, which appears to lead to the institution’s website but actually redirects you to the attacker’s.
In most cases, when you click on the button, it redirects you to a phony website or a clone of the original website. You are then asked to enter your account information for verification. It may be your passwords, social security numbers, account numbers, and other personally identifiable information. If you provide such information to the site, you automatically become a victim of a phishing attack.
How can you detect phishing?
1. Interrogate the header
One thing to check in an email before opening it is the header. Any communication from a business, company, government or health provider should come from the organization’s email system. It should not have an unrelated email address. If you get mail from a sender with whom you do not have a relationship, it is a phishing email. Pay attention to the “To:” and “From:” addresses. If they use your email in the “From:” field, then that is a phishing email. If the “To:” address is to an undisclosed location or a recipient you are not familiar with, then that email is phishing. You should only get emails from organizations that you have a past relationship with.
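The header checks described above can be automated. The following is an added example, not code from the original article; the function name `header_warnings`, the `brand_domains` mapping and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message; every address and domain here is made up.
RAW = '''From: "Microsoft account team" <alerts@account-verify.example>
To: undisclosed-recipients:;
Subject: Immediate attention required

Contact us immediately regarding your account.
'''

def header_warnings(raw, my_address, brand_domains):
    """brand_domains maps a name seen in From to the domain that organisation
    really mails from (an assumption the reader fills in for their own providers)."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    me, sender = my_address.lower(), sender.lower()
    domain = sender.rpartition("@")[2]
    warnings = []
    # Check 1: the message claims to come from your own address.
    if sender == me:
        warnings.append("From is your own address")
    # Check 2: the display name names an organisation, the address does not belong to it.
    for brand, good in brand_domains.items():
        if brand in name.lower() and not ("." + domain).endswith("." + good):
            warnings.append(f"display name says {brand} but sender domain is {domain}")
    # Check 3: you are not listed in To or Cc (e.g. undisclosed recipients).
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if me not in [addr.lower() for _, addr in recipients]:
        warnings.append("you are not a named recipient")
    return warnings
```

A warning here is a reason to look closer, not proof: the From header is set by the sender, so a message that passes these checks can still be forged.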
2. The content
The next thing to check is the body of the email. Do the links provided in the email look valid? Make a habit of checking the links before clicking on them. A link may look correct in the text but redirect you to a different site. Never click on an image or a link before verifying its legitimacy. Rest the pointer on the link without clicking on it to see the displayed location in the bottom left corner of the browser. That location shows where you will be redirected if you click on the link. Be on the lookout for addresses that resemble that of a well-known website but are altered slightly and confusingly. For instance, “www.microsoft.com” may appear as “www.mircosoft.com”.
How to avoid falling victim to phishing
1. Anti-phishing toolbar
Today, you can customize the most popular internet browsers by installing anti-phishing toolbars. They run checks on the sites you visit and compare the links against lists of commonly known phishing sites.
When a redirect hits a phishing site, the toolbar alerts you. It offers extra protection against phishing while being completely free.
2. Think before clicking
If you are on a trusted site, it is fine to click on links. However, clicking on links that appear in random emails or instant messages is not a smart move. Before clicking on them, hover over the links that you are unsure about. If they lead to the right website, then you can click on the link. Otherwise, it is a phishing link you should avoid. A phishing email can claim to come from a legitimate company, but upon clicking it, it redirects to a clone website. Never enter your credentials into a website that you are unsure of.
3. Verify the website’s security
It is natural to worry about your privacy and to hesitate to enter your financial information online. However, if a website is secure, there should be no worry of running into trouble. Before submitting information to a website, confirm that it has a Secure Socket Layer (SSL) certificate installed. You can confirm this by checking that the URL begins with “HTTPS” and that a closed lock icon appears in the address bar. If the search engine tells you that the site contains malicious files, DO NOT open the website. If you purchase something on such a site using your credit card details, the attackers get access to that information.
4. Using firewalls
A firewall acts as a buffer between you, your computer, and intruders. Use both a network firewall and a desktop firewall. A desktop firewall is a software application, while a network firewall is hardware. When implemented on a system together, the two drastically reduce a phisher’s chances of gaining access to your network or computer.
5. Never provide personally identifiable information
As a rule of thumb, never share financially sensitive and personal information over the internet. The rule dates back to the early days of America Online. They warned users against providing sensitive information online because of the many phishing scams these days. When you doubt that the links provided in the email lead to the original site, copy the organization’s number and call them. Because the primary motivation for phishing is money, the links usually point to pages that ask for personal or financial information.
6. Using antivirus software
There are many reasons to use antivirus software. It has special signatures to guard against various known technology loopholes and workarounds. However, ensure that the antivirus software is always up to date. As scammers craft new techniques to use for phishing, new definitions are added to the software’s database. Ensure that you use a firewall and anti-spyware settings to avoid phishing attacks, and regularly update the programs. Firewalls block the attacks by preventing access to malicious files, thus protecting you from phishing.
While there is no single way to avoid phishing attacks, you can use a combination of the above tips to avoid them. The best way is to adjust your behavior online and keenly interrogate the links before clicking on them. Besides the above, keeping your browser updated, being on the watch for pop-ups, and regularly checking the security of your online accounts are some of the other ways that you can use to avoid phishing attacks.