In this article, we will look at examples and advice on how to prevent phishing attacks. In digital terms, the practice of phishing – using threatening or enticing messages to compel a recipient to rashly give out personal or financial data, or to blindly rush to a booby-trapped website – is almost as old as the riverbank activity that its name derives from.
But today’s cyber-criminals have honed their craft, using techniques and targeted social engineering tactics more subtle and convincing than ever before.
If the sight of your Inbox fills you with dread (for that next court summons from the power company) or eager anticipation (for all those once-in-a-lifetime financial opportunities), here’s some advice on how to prevent phishing attacks and resist the urge to fill out that form, download that attachment, or click on that fatal link.
1. Prevent Phishing Attacks – Learn the Tell-Tale Signs
The phishing scam only works if you take the bait – and your tendency to do this will depend on the quality of the lure.
Emails and text messages will have compelling subject lines – and the sender will likely be an individual or organization whose name you recognize, and whose trustworthiness or authority shouldn’t be in doubt.
Likewise, the websites, banners, and file attachments associated with a phishing ploy will have been constructed for maximum effect – often with impressive or imposing-sounding labels, all designed to look like a facsimile of any organization whose brand the perpetrators are trying to exploit.
The results can be very convincing. But if you know what to look for, there may be clues to give the game away, such as:
- Though a phishing email or other communication may appear to come from a legitimate source, there’ll typically be something “off” about the information or action that it’s requesting. For a known individual, this might manifest as something out of character, or as something beyond the remit or jurisdiction of an organization or authority figure. Seriously: Why would the FBI be interested in making a wire transfer of funds to your account? In Iceland?
- Many of the perpetrators of phishing scams are based in countries outside their target zone and aren’t native speakers of the language. Look for glaring syntax, grammatical, or spelling errors (They’re a big, scary organization. Presumably, they’d have a spell-checker.), and unconventional or bizarre forms of personal address (“My Dearest”, “Attention Recipient”, etc.).
- Many web-based email and other messaging applications have a feature that pops up a floating caption with the true URL behind a Sender’s name when you hover the mouse pointer over it. So if you have one of those apps, and “Federal Bureau of Investigation” reveals itself to be “HaHaIveGotYouNow@hotmail.com” – or a meaningless jumble of IP address figures – you’ll have only yourself to blame, if you buy into what they’re selling.
- Should you give in to the temptation and find yourself on a doppelganger website constructed for other souls like you, the smart thing to do is leave. Immediately. Failing that, at least do the following, before anything else: Open up a new browser window, and type in the authentic (advertised, as found on page 1 of Google) URL of the site you’re supposed to be visiting. Compare the two – and you may be shocked to discover how imperfect an imitation the phony site actually is. Then leave.
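The checks in the list above (a sender's display name that does not match the real address, a link whose visible text points somewhere other than its destination, a bare IP address as the host) can be automated for a mail gateway or a user-side plug-in. The following is an added example written for this article, not code from the article itself; it assumes you already know the domain the sender claims to represent, and it uses a simplified "last two labels" notion of a domain rather than a public-suffix list.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Matches hosts that are a bare IPv4 address ("a meaningless jumble of IP address figures").
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def registrable_domain(host: str) -> str:
    """Crude approximation: keep the last two labels (assumption: no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_sender(from_header: str, expected_domain: str) -> list:
    """Warn when the display name in a From: header hides an address on another domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not domain:
        return ["no usable sender address"]
    if registrable_domain(domain) != expected_domain.lower():
        return [f"display name {name!r} but address is on {domain!r}"]
    return []


def check_link(link_text: str, href: str) -> list:
    """Warn when a link's visible text and its real destination disagree, or the host is suspect."""
    warnings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        warnings.append("destination is not https")
    if IP_HOST.match(host):
        warnings.append("destination host is a bare IP address")
    shown = re.search(r"https?://([^/\s]+)", link_text)  # does the text itself look like a URL?
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        warnings.append(f"text shows {shown.group(1)} but link goes to {host}")
    return warnings


if __name__ == "__main__":
    # Constructed sample inputs modelled on the article's own example.
    print(check_sender("Federal Bureau of Investigation <HaHaIveGotYouNow@hotmail.com>", "fbi.gov"))
    print(check_link("https://www.fbi.gov/login", "http://203.0.113.5/login"))
    print(check_link("Sign in", "https://www.fbi.gov/login"))
```

A real deployment would replace `registrable_domain` with a public-suffix-list lookup, since two-label matching mis-handles domains such as `example.co.uk`.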
2. Verify at Source
That last point illustrates the importance of keeping your wits about you – and of getting a second opinion. If a message comes via one medium (email, SMS, etc.) and purports to come from a certain person or institution, use another form of communication (phone, in-person visit, etc.) to verify that such a message was actually sent – and that the specific instructions in it reflect the true intentions of the genuine source.
3. Uninvited Pop-Ups Aren’t Good
This is true generally, as they often detract from the browsing experience. But banner ads, inline forms, and pop-ups are particularly dangerous in the phishing context, as these visual cues often serve as a deliberate distraction to trick you into doing something rash – like clicking on them or entering information. Don’t.
If you have an ad-blocker or pop-up filter, this can help to reduce the effect, but be on your guard nonetheless.
4. Confidential Information Involved? Use a Secure Connection
If you are conducting sensitive business or financial transactions online, make sure that you’re doing so on a website with a secure connection. Look for the https:// prefix before the web address and/or the locked padlock icon that indicate an SSL (Secure Sockets Layer) or TLS (Transport Layer Security) connection – neither of which, incidentally, is likely to feature on a bogus website set up for entrapment purposes.
5. Check Your Accounts Regularly
A large proportion of phishing activities focus on acquiring account credentials – for user accounts on various websites, and in the banking and financial context. If such information falls into the hands of cyber-criminals, they may hijack your online presence, posing as you to gain access to various resources – up to and including siphoning off funds from your financial accounts.
So it’s a good idea to do a periodic check on each of your accounts. Look for suspicious activities like transactions you don’t remember authorizing, dwindling balances, or entries that don’t bear your characteristic stamp.
6. Be Discreet on Social Media
Facebook, Twitter, and other platforms are a great way to blow off steam and truly speak your mind – but you need to be sensible about doing this. Entries made on open channels are also a great way for cyber-criminals to observe your habits, activities, and personality traits, as well as personal information that you unintentionally divulge. These, in turn, can be powerful tools in facilitating identity theft.
So be discreet – and check those Privacy settings, to make sure that what is personal stays that way.
7. Use Technology to Assist
In the fight to prevent phishing attacks, automation and software technologies can be your friend. Pop-up and anti-spam filters can help weed out a lot of the unwanted stuff before it gets to your Inbox. Some tweaking of your account settings on various platforms can also assist in this regard.
And having a comprehensive security suite with a personal firewall and the latest versions of anti-virus, anti-malware, anti-spyware, and anti-keylogger software can help keep you safe from malicious content. It’s especially important to have this, as some of the more sophisticated phishing sites have been pushing malware onto visitors’ devices automatically, and without their knowledge.
8. Supplement Your Protection with Knowledge
Speaking of knowledge, reading the technology press and visiting threat intelligence resources (like the websites run by reputable cyber-security companies) will keep you updated on the current trends in phishing, and the threats and warning signs to look out for.
Security education is highly recommended for corporate users. But this should go beyond the bland, to include regular programs of engaging and interactive Training, Education and Awareness (TEA) to prevent phishing attacks.
9. Prevent Phishing Attacks – When in Doubt, Don’t!
It can’t be stressed enough that the success of phishing hinges on its ability to disengage you from your common sense and get you to react – and act – with your emotions. If you take that extra second or two to realize how unbelievable those cash offers or how empty those supposed threats actually are, this will give you the time you need to have some serious doubts – and act on them by ignoring the communication, or taking steps to verify it further.
And don’t be hesitant about reporting to the authorities any activity or communications that you deem suspicious. Even if it turns out to be a false alarm, your workplace management or local or regional law enforcement will have been informed of the potential risk, and will already know about it if it becomes an issue in future.