Whether you see yourself as vulnerable to the cunning antics of online criminals or a savvy internet user who could never be duped by a phishing scam, there is benefit to brushing up on the ways to keep your identity safe.
Pride comes before a fall and even the most careful web users can become distracted or let their guard down once. Unfortunately, once is usually enough to let the hackers in and your privacy out.
Here are seven ways to avoid being deceived by deadly phishing messages.
1- Learn to Spot a Phishing Scam
Although it is true to say that phishing attacks are normally launched via email or pop-up, it is more useful to recognize phishing scams by the feelings they awaken in you. If you read a message and it makes you feel worried or excited, take a deep breath and look more closely.
An email, pop-up or social media communication which suggests that an account has been compromised (bank account, eBay account, Facebook profile, etc.) may be a phishing attack pushing your ‘fear’ buttons. Another message congratulating you on winning an iPhone or urging you to click a link for a great job opportunity or to reveal an exciting secret could also be a cybercriminal preying on your natural desire for pleasure and reward.
On closer inspection, you may find poor grammar, out-of-date icons, a strange email address and low-res images. However, cybercriminals are getting much more sophisticated at visual mimicry, so don’t trust a message just because it looks genuine.
2- Always Go the Long Way Around
When we are excited or scared we switch to ‘fight or flight’ mode, which stops us thinking (‘would my bank really email me for my secret password?’) and urges us to act (‘I need to click that link now!’). This is exactly the reaction the phishing ploy is designed to trigger.
Train yourself to take a deep breath and pause before ever clicking on an unfamiliar link. If you still think the message might be genuine, exit your email programme or webpage, open up a new browser window and enter the home URL for your bank, eBay, Facebook account, etc. Once you have gone through security you can then contact the organization, safe in the knowledge that you are speaking to a bona fide employee.
3- Keep Your IT Updated
Although the first two steps should be enough to halt a phishing attempt in its tracks, keeping your operating system, browser and security software up-to-date can help detect some of the newer scams, keeping them from your door, while adding a second layer of security should you slip up and click a compromised link. If you are a business, handing security responsibilities to an outside agent is worth considering. From New York to Los Angeles, IT support and management firms are now offering powerful enterprise-grade protection as well as data back-up services.
4- If You Don’t See an ‘S’ Then Hope for the Best
Get this mantra ingrained in your mind for whenever you are prompted to enter sensitive information (such as bank details, your social security number or confidential passwords) online. Look at the URL: if it doesn’t begin with ‘https://’, then entering that information is a big risk, since it could potentially be viewed by anyone.
5- Diary in Regular Account Checks
While prevention is better than cure, the earlier you realise that your personal identity has been compromised the better. Schedule in regular audits of your financial accounts and look out for unfamiliar transactions. It is also worth checking your credit rating periodically through Annual Credit Report. You are allowed one free report every year and this will show whether anyone has been using your identity to obtain credit or for other illicit activities.
6- Develop a Suspicious Mindset
Life is a lot less dramatic than the phishing scammers would like you to believe. Your bank is unlikely to be broken into and, if it’s not your fault, you will get reimbursed anyway. You are probably not being tracked by the FBI over suspicious activity on your computer and you most definitely are not going to win a million dollars from a lottery you have never entered. And if there’s the slightest concern that the message may be telling the truth, remember to avoid the link and go the long way around.
7- Keep in Touch with CybersecurityZEN
To stay in the loop regarding all the new phishing threats, tactics and ways to stay protected online, bookmark the Cybersecurityzen.com blog and return regularly.