How to Protect Yourself from Phishing Attacks
As cybersecurity measures become increasingly advanced, black hat hackers (those who perform illegal activities) are having trouble finding weaknesses to exploit in a system.
Right now, the weakest cybersecurity link of a system is… humans. Hackers use social engineering techniques such as phishing to gain the information necessary to infiltrate a network (e.g., a business network) or a service (e.g., web banking).
What is phishing anyway?
Phishing is a technique used by hackers/scammers to persuade someone to give them sensitive information such as personal or financial data (e.g., the username and password of a web banking account or a business account).
The most common phishing methods are the following:
- An email asks the user to click on a link, then download and run a file. Most of the time, the user will get a message enticing them with some excuse (e.g., make the computer faster, remove a virus) to run a program that is in fact malicious software trying to steal sensitive data from their computer/mobile device.
- An email message urges the user to click on a link and log in to the website of a service that the user already uses (bank, taxation authority, etc.). The link redirects them to a (usually well-designed) replica of the actual website, tricking the user into filling in their credentials (username and password) and divulging confidential details to the hacker/scammer instead of the legitimate site.
- Targeted attacks (spear phishing). Spear phishing aims at a specific person or a company. Therefore, the email message is customized accordingly, which makes it more difficult to recognize that it is fraudulent. Whaling is a spear phishing subtype that is directed towards a company’s senior manager or an executive.
What can you do to protect yourself from a phishing scam?
- Don’t click on links in email messages when the sender is someone you don’t know.
- Use antivirus, personal firewall and anti-spam software.
- Keep your operating system and browsers updated.
- Use web filters or services (such as OpenDNS) that block phishing websites.
- Don’t install software from email links if you are not 100% sure that it is indeed an official, legitimate program and you are acquainted with the sender of the email. If you don’t know for sure, please contact the sender before downloading/installing.
- Financial institutions never ask for your credentials via email. If you receive any such email, please contact your bank and inform them about the incident.
- Avoid giving out personal information via email if you are not sure who the sender is.
Always be careful about the kind of personal information you are sharing while using your computer or your mobile device. If you keep in mind the above tips and rely on your logic, you won’t have any problem with your “digital life”.