Phishing scams are one of the most common ways cybercriminals access personal information, banking details, etc., of their victims through unsolicited emails and messages. However, several individuals still fall victim to these scams because they are hard to detect.
Through phishing, cybercriminals pose as authentic websites to deceive victims into revealing sensitive personal information or installing malware such as ransomware, thereby accessing sensitive data.
Phishing as defined by Microsoft is an attack that attempts to steal your money or identity, by getting you to reveal personal information such as credit card numbers, bank information, or passwords on websites that pretend to be legitimate.
A cybersecurity expert, Timothy Avele stated that the easiest and most successful methods cybercriminals use and will continue to use is social engineering techniques such as phishing, which include business email compromise, vishing (using rogue interactive voice response system), pretexting etc.
How to recognise a phishing email or Short Messaging Service
Before you can avoid being a victim of cyberattacks through phishing, you must first recognise what phishing is and how it is usually sent to unsuspecting victims.
According to Kaspersky, phishing prevention has become essential as more criminals turn towards online scams to steal personal information. Across the web, phishing attacks have baited unsuspecting victims into handing over bank information, social security numbers, and more. Sometimes these scams hide behind voices you know and trust, like your coworkers, your bank, or even your government. If you so much as click a link, you could be the scammer’s next victim.
Kaspersky stated that spotting a phishing email comes down to pointing out anything inconsistent or unusual.
One of the reasons phishing emails are so disturbing and Unfortunately, they are often successful because they are crafted to look legitimate. Generally, the following features are common among phishing emails and should raise red flags: attachments or links significantly different from that of the original company, spelling errors, poor grammar, unprofessional graphics, a tone of urgency to verify your email address or other personal information immediately, and generic greetings like “Dear Customer” instead of your name.
Kaspersky in a blog post highlighted steps to avoid phishing scams
The key to preventing cyberattacks through phishing emails and SMS is vigilance. If you have come across one in your inbox (that has not been auto-filtered into spam), use these strategies to avoid becoming a victim of a phishing attack.
Delete and don’t open the message
Most viruses activate when you open an attachment or click a link within an email or SMS. But some email clients allow scripting, which makes it possible to get a virus simply by opening a suspicious-looking email. It is best to avoid opening the messages.
Block the sender
The best way to handle a phishing email or SMS is to block the sender to avoid receiving more emails or messages in the future. If your email or SMS client allows you to manually create a block, you should do so. Make a note of the sender’s email domain or phone number, and then add the sender to a blocked list. This is especially smart and helpful if you share the email box with anyone in your family.
Don’t give out sensitive information
Most reputable companies will not request personally identifiable information or account details via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for any account information, immediately delete it and then call the company to confirm that your account is secured.
When you get an alert from your bank or other major institution, never click the link in the email and do not give out any personal information. Instead, open your browser window and type the address directly into the URL field, so you can make sure the site is real.
Install antivirus software
One of the simplest ways to protect yourself from becoming a victim of a phishing scheme is to install and use proper internet security software on your computer. Internet security software is vital for any user because it provides multiple layers of protection in one simple-to-manage suite. You can use anti-spam and anti-malware security plans. By combining a firewall, anti-spam and anti-malware into one package, you can provide extra backups that keep your system from being compromised, if you do accidentally click on a dangerous link.
Use password managers
Password managers are important to suggest and save strong passwords for different websites. This makes it harder for cybercriminals to gain access to one’s personal information. In addition to using password managers, Avele said that individuals can protect themselves by having a SIM pin and changing their passwords to 16 characters with one upper case, one lower case and special characters such as @, ? etc.
The cybersecurity expert said that this would take about 152,000 years to crack, however, he recommended that passwords must be changed every three to six months, stating that banking passwords should not be used for other account types like email, Facebook etc.
Avoid clicking embedded links
Do not click embedded links in emails or SMS because these can be seeded with malware. Be cautious when receiving messages from vendors or third parties; never click on embedded URLs in the original message. Instead, visit the site directly by typing in the correct URL address to verify the request, and review the vendor’s contact policies and procedures for requesting information.
Update software and operating system
Windows OS products are often targets of phishing and other malicious attacks. So, be sure you’re secure and up to date especially if you’re still running anything older than Windows 10. Also, ensure you’re using the latest version of your browsers; always update them.
Set up private and public email addresses:
Setting up separate email addresses helps to reduce the amount of spam you receive. The private email address should be for personal correspondence while the public address should be used to register on public forums, chat rooms, or to subscribe to mailing lists and other internet services. It should as well be changed frequently. If you must publish your private address electronically, try to mask it in order to avoid having the address picked up by spammers. For example, ‘[email protected]’ is an easy address for spammers to find. Try writing it as ‘Joe-dot-Smith-at-yahoo.com’ instead.
This also applies to phone numbers; you should have a personal and public phone number. The public phone number should not be linked to any of your bank accounts while the personal number can be used for banking transactions and shouldn’t be shared on public websites/platforms
Never respond to any spam
Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive. Also, use anti-spam filters and only open email accounts with providers that include spam filtering.
Think before you click ‘unsubscribe’
Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click ‘unsubscribe’ in one of these letters, it may simply increase the amount of spam you receive. Do not click on ‘unsubscribe’ links in emails that come from unknown sources.