Phishing is a technique that involves tricking the user into thinking you are a confidential site to steal confidential information, passwords, etc.
So far hackers have used emails to launch this type of attack, but with the widespread use of social media networks and smartphones with internet access, the types of attacks are multiplying.
These emails include a link that takes the user to site known to have a confidential website, but they’re mere mimics with zero confidentiality. Often, the links are to sites with domain names that are slightly different, but very close to, the domain of a known site (e.g. www.sitename.com vs. wwwsitename.com)
Thus, overconfident users who do not have adequate antivirus protection or who are not aware of the slight changes in the domain name of included links, could be involved in attacks that are aimed to steal personal data.
And because of the economic crisis which is unfortunately affecting several countries, phishing attacks are attracting people with the promise of a great job or an easy way to get money.
The question is … How can we prevent this type of phishing attack?
9 Tips to Prevent Phishing Attacks
1. Learn to Identify Suspected Phishing Emails
There are some qualities that identify an attack through an email:
- They duplicate the image of a real company.
- Copy the name of a company or an actual employee of the company.
- Include sites that are visually similar to a real business.
- Promote gifts, or the loss of an existing account.
2. Check the Source of Information From Incoming Mail
Your financial institution will never ask you to send your passwords or personal information by email. Never respond to these questions, and if you have the slightest doubt, call your financial institution directly for clarification.
3. Beware of Clicking on Links Included in Emails
Be aware of the destination pages of hyperlinks or links attached in emails you receive. Links could direct you to fraudulent websites. If you’re checking emails on a computer, inspect the links before clicking on them by hovering over the link with your mouse pointer and looking at the destination URL that shows up at the bottom corner of your screen/browser window. If you use an Apple mobile device to check emails, you may be able to inspect the links before following them by pressing and holding your finger on the link – this may bring up an options menu that allows you to view the link destination, and open or copy the link (iOS/Apple devices only).
Typing the financial institution’s known URL (for example, www.eecu.org) directly into your browser or using bookmarks/favorites if you want to get there faster, may be a good idea.
4. Enhance the Security of Your Computer
Common sense and good judgement is as vital as keeping your computer protected with a good antivirus to block many types of attacks.
In addition, you should always have the most recent update on your operating system and web browsers.
5. Enter Your Sensitive Data in Secure Websites Only
In order for a site to be ‘safe’, it must begin with ‘https://’ and your browser should show an icon of a closed lock.
6. Periodically Check Your Accounts
It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.
7. Phishing Doesn’t Only Pertain to Online Banking
Most phishing attacks are against financial institutions, but can also use any popular website to steal personal data such as eBay, Facebook, PayPal, etc.
8. Phishing Knows All Languages
Phishing knows no boundaries, and can reach you in any language. In general, they’re poorly written or translated, so this may be another indicator that something is wrong.
If you never you go to the Spanish website of your financial institution, why should your statements now be in this language?
9. Have the Slightest Doubt, Do Not Risk It
The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
Delete these emails and call your financial institution to clarify any doubts.
Originally published by Panda Security, February 21, 2016
Edited and re-published by EECU, August 23, 2016