“Congratulations! You have won a Super Bowl ticket!
Open the link below to claim your reward.”
Phishing is a kind of cybercrime in which a person is lured into disclosing personal information. This information could include account numbers, passwords, citizen numbers, and insurance numbers.
A phisher (the one who commits phishing) could pose as a representative of a notable organization and phone you, reach out to you through a deceptive website, send you a fraudulent text message, or even contact you through a social media account.
According to IBM, the average financial loss of a data breach was $3.86 million, with phishing accounting for 90 percent of all data breaches.
The technological evolution has ramped up the standards of cybersecurity but, at the same time, is favoring the phishers too.
Nonetheless, we are pretty certain that phishers won’t stand a chance against you if you adopt the following 5 techniques in your online activities.
1. Spot the deceptive emails
In 2007, employees of a Swedish bank, Nordea, fell for a fraudulent email trap that lured them into installing a Trojan. This incurred a loss of over 8 million Kronor to the bank.
Deceptive emails remain one of the key weapons for phishers. Consider it a red flag if an email:
- Requires a prompt action — “hurry up; the offer expires in two days.”
- Addresses you with an impersonal greeting instead of your name — “Dear Valued Customer.”
- Contains an unprofessional writing tone — “Click the link to grab your reward!!!!”
Suppose you receive an email from a bank representative who asks for your personal information as part of an account verification process. Before you hand out the sensitive information, take a second look at the email address.
The domain of the email address should contain the name of the bank. Even if this is the case, check the spelling. A tampered email address will contain either a subtly misspelled or an unrecognizable domain.
If you smell something “phishy,” never proceed with any links or attachments in the email. Moreover, a reputable organization is not likely to ask you for your sensitive information through emails, so, when in doubt, contact them and get it confirmed.
2. Browse safely
Another step in reaching that foolproof state is to access a secure website.
If you can see a security lock icon and https:// in the address bar of the browser, you are on the safe side. Take care of this, especially when you are required to submit personal information on the website.
Moreover, use a reputable web browser—one that is equipped with all the modern security features. For instance, Google Chrome marks a website “Not Secure” if the website doesn’t provide a secure connection.
Besides, you might either be required to enable protection functions, or your browser could automatically detect and block suspected phishing websites.
But one should always go the extra mile when it comes to security, right?
For that, upgrade your web browser with an anti-phishing toolbar and extensions. These give you a closer look at the reputation of a website.
To take it a step further, use private browsing mode. It stops phishers from tracking your online habits as it deletes the cookies and your browsing history. What’s more, an incognito mode will automatically sign you out of your accounts if you forget to do it yourself.
3. Know by sight
A deceptive email usually directs the user to a malicious website. However, with a little insight into those harmful websites, your chances of spotting them will shoot up!
So, first things first: pick the odd one out!
The phishers are normally tech-savvy and know a bunch of ways to lay their hands on your personal information. However, they might miss out on the professionalism and consistency of a reputable organization.
If you notice that a website has absurd fonts with inconsistent spacing, labels do not align with the data entry fields, or the website is overly simplified, chances are that it’s a phishing attempt.
With that being said, a website can manage to appear authentic, but one look at the URL could tell a different story.
The domains of websites can, in some cases, be combined with subdomains. So, for instance, if the URL of a website is abc.facebook.com, everything before facebook.com is the subdomain. By contrast, if it is facebook.abc.com, the site belongs to abc.com and “facebook” is only a subdomain label. That is a pure trap!
In other cases, the URLs are not coherent with what the websites exhibit. Why would Pizza Hut reach out to you with a URL porcupinecorps.com? Think about it!
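The domain checks described above (the misspelled sender domain from section 1 and the subdomain trap from this section) can be automated. The sketch below is an added example, not part of the original article; the `TRUSTED` list, the hypothetical `examplebank.com`, and the two-label shortcut for the registered domain are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: brands the reader really deals with and their genuine domains.
# "examplebank.com" is a hypothetical placeholder.
TRUSTED = {"facebook": "facebook.com", "examplebank": "examplebank.com"}

def host_of(value):
    """Host of a URL, or the domain part of an email address, lowercased."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def registered_domain(host):
    # Simplification: keep the last two labels. Production code should use
    # the Public Suffix List so that suffixes such as "co.uk" are handled.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch subtly misspelled domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value):
    host = host_of(value)
    reg = registered_domain(host)
    if reg in TRUSTED.values():
        return "trusted"                  # e.g. abc.facebook.com
    subdomain_labels = host.split(".")[:-2]
    for brand, real in TRUSTED.items():
        if brand in subdomain_labels:
            return "brand-in-subdomain"   # e.g. facebook.abc.com
        if edit_distance(reg, real) <= 2:
            return "lookalike"            # subtly misspelled domain
    return "unknown"

# Constructed samples: the article's domains plus one made-up misspelling.
SAMPLES = [
    "https://abc.facebook.com/login",
    "http://facebook.abc.com/login",
    "https://porcupinecorps.com/deal",
    "alerts@examp1ebank.com",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):20} {s}")
```

A "trusted" result only means the registered domain matches one on the list; "unknown" covers cases like the porcupinecorps.com URL, where the domain simply has nothing to do with the brand shown on the page.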
4. Watch out for phone scams
Voice Phishing, also known as Vishing, is a type of phishing in which the perpetrators use telephonic means or voice-over-IP services to reach their targets.
According to the Federal Trade Commission (FTC), people lost more than $667 million to phone scams in 2019. The imposters pretended to be bank representatives, charity workers, government employees, and—oddly enough—romantic partners!
While people can buy time on emails and websites and take assertive actions, Vishing allows fraudsters to use emotional manipulation and other psychological tactics to extract valuable information. Some of the elements they can plant in your mind include:
- Fear
- Urgency
- Excitement
- Curiosity
So, if a charity worker reaches out to you through a phone call, there is no shame in verifying the details. Keep your emotions at bay and stay assertive throughout the phone call. Moreover, reputable organizations would rather require you to arrive at their offices instead of taking sensitive information over a phone call.
Bear in mind that there is nothing wrong with saying “No” if you are not ready to reveal any information. You can always buy time to validate the details and come back.
5. Deploy security tools
An antivirus program is the first thing that should cross your mind when you think about using a security tool. It detects technological workarounds that would be too complicated to be detected otherwise.
Moreover, an antivirus program would examine files as you download them, detect the harmful ones, and ask you to take prompt action.
It is strongly advised to keep your antivirus program turned on all the time. Although it might consume a bit of your RAM, your security against phishing attacks is much more important than that. Besides, regularly scan your computer through the antivirus and turn on its automatic updates.
If the antivirus comes with a built-in firewall, make sure it’s activated. Otherwise, set up a firewall separately.
A firewall will prevent unauthorized access to or from a private network. When you use a hardware firewall in conjunction with its software counterpart, you will put up a tough fight against the phishers.
Consider adding a password manager to your security tools starter kit as well. If you land upon a malicious website, your password manager won’t fill in the login credentials—giving you a big red flag!
Final Word
“One thing that makes it possible to be an optimist is if you have a contingency plan for when all hell breaks loose.” — Randy Pausch
If you somehow end up becoming a target of phishing, report it to the network administrators immediately (if it happened on your office computer). Otherwise, report the incident to the cybersecurity agency or file a report with the Federal Trade Commission.
Lastly, we would love to hear your thoughts on the topic. So, let us know in the comment section about your opinions and valuable insights!