No one wants to fall prey to a phishing scam. There’s a good reason that such scams will continue, though. They are successful enough for cybercriminals to make massive profits. Phishing scams have been around practically since the inception of the internet, and they will not go away any time soon. Fortunately, there are a number of best practices that users can follow, without any specialized software, to prevent phishing attacks.
What Is a Phishing Attack?
Phishing is a scam used by identity thieves to trick you into providing your sensitive personal or financial information. Thieves use official-looking emails to impersonate trusted entities like banks, credit card companies, and online resources like eBay or PayPal. These emails are used to lure unsuspecting consumers to a particular website through a link where they will be asked to enter their information. According to a study done in 2006, approximately 109 million people received a phishing email of some sort in that year.
How to Prevent Phishing Scams?
In this article we are going to talk about the basic guidelines for keeping yourself safe.
1. Think before You Click
It’s fine to click on links when you are on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?
A phishing email may claim to be from a legitimate company and when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in the information but the email may not contain your name. Most phishing emails will start with “Dear Customer” so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link.
2. Avoid Using Public Networks
Email communications over public networks are often not encrypted. Hackers could use this limitation to sniff out important information such as account usernames and passwords, saved passwords, and other financial details. Of course, rogue hackers may set up completely free hotspots and lure you into providing sensitive information even without sophisticated data sniffing technologies. A best practice to prevent phishing when using public networks is to use your mobile’s tethering and hotspot capabilities to work with its 3G/4G data connection rather than relying on public networks.
3. Protect Your Personal Information
In order to be protected against falling victim to a phishing scam, it is important to be very cautious with your personal information including your usernames and passwords. Some phishing scams divert you to a fraudulent website designed to look like your bank’s website or a similar trusted source. When you enter your username/password and other information, that information is transmitted to the con artist, who can abuse it later on.
4. Keep Your Browser Up to Date to Prevent Phishing
Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. If you typically ignore messages about updating your browsers, stop. The minute an update is available, download and install it.
5. Beware of Pop-ups
Using iframe technology, pop-ups can easily capture personal information and send it to a different domain from the one shown in the browser toolbar. Reputable, established sites rarely ask you to enter sensitive information in pop-ups. As a rule of thumb, no personal information should be entered in pop-ups, even if they appear on domains with valid SSL and have passed all other phishing checks.
6. Verify a Site’s Security to Prevent Phishing
It is natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. Before submitting any information, make sure the site’s URL begins with “https” and that there is a closed lock icon near the address bar. Check for the site’s security certificate as well. If you get a message stating a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines may show certain links which may lead users to a phishing webpage which offers low-cost products. If the user makes purchases at such a website, the credit card details will be accessed by cybercriminals.
7. Watch Out for Shortened Links
Shortened links do not show a website’s real name and hence can be more easily used to trick the recipient into clicking. Hackers can use shortened links to redirect you to fake look-alike sites and capture sensitive information. Always place your cursor on the shortened link to see the target location before clicking on it.
8. Use Firewalls to Prevent Phishing
High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second option is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network.
9. Install an Anti-Phishing Toolbar
Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and it is completely free.
10. Use Antivirus Software to Prevent Phishing
There are plenty of reasons to use antivirus software. Special signatures that are included with antivirus software guard against known technology workarounds and loopholes. Just be sure to keep your software up to date. New definitions are added all the time because new scams are also being dreamed up all the time. Anti-spyware and firewall settings should be used to prevent phishing attacks and users should update the programs regularly. Firewall protection prevents access to malicious files by blocking the attacks. Antivirus software scans every file which comes through the Internet to your computer. It helps to prevent damage to your system.
You don’t have to live in fear of phishing scams. By keeping the preceding tips in mind, you should be able to enjoy a worry-free online experience.
11. Check Your Online Accounts Regularly
If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too. To prevent bank phishing and credit card phishing scams, you should personally check your statements regularly. Get monthly statements for your financial accounts and check each and every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
12. Keep Informed about Phishing Techniques
New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of getting snared by one. For IT administrators, ongoing security awareness training and simulated phishing for all users are highly recommended for keeping security top of mind throughout the organization.
The Final Thought
It is good practice to view all emails and websites with suspicion. Getting sucked into a phishing scam can cost you thousands of dollars and a good amount of your valuable time. An ounce of prevention now can save a pound of cure later.