We’ve heard the warnings and raised eyebrows at the horror stories, but how many of us really know about the ins and outs of phishing (pronounced fishing)? Arguably one of the most common tactics employed by cyber criminals, it is worth knowing about – and more importantly, worth understanding how to avoid falling victim to it.
In short, phishing is a technique that criminals use to attempt to steal confidential information from you. You are the proverbial fish in this instance and their lures are enticing emails, social media posts, and exploiting smartphones with internet access. To sweeten their bait even more, they also take advantage of people with offers of money and jobs. Given the economic difficulties of many South Africans, one can see why it is easy to nibble at such shiny hooks.
So how do you prevent an attack?
Firstly, you need to know what to look for. Identifying a suspect phishing email sees the bulk of the battle won. There are some qualities that identify an attack through an email:
– They duplicate the image of a real company;
– Copy the name of a company or an actual employee of the company;
– Include sites that are visually similar to a real business; and
– Promote gifts, or the loss of an existing account.
If you have been on the internet for any amount of time, chances are you have experienced some, if not all, of these. Granted, the likes of Google and Microsoft are good at flagging many of these as spam mail. However, attackers find new ways of circumventing these defensive algorithms.
Beyond the enticing subject line, you should also know how to check the source of information from an incoming email. For example, your bank will never ask you for confidential information over email. If you are unsure, call your bank. Many local banks have also set up email addresses you can forward suspect messages to if you are unsure. The same goes for any other accounts you may have such as a clothing account, utilities bill, phone account, and so on.
Most importantly, NEVER click on a link in these suspect emails. Like a fish biting at the hook, you will be caught firmly in the grip of the phisher once you click through. Hackers are getting increasingly good at mimicking bank Web sites. Also if they mail you with a link it might lead you to a site that will attempt to steal information off your PC.
Type the URL directly into your Web browser or bookmark the legitimate site. Scammers will try making a link look legitimate. To check if a link is legitimate, hover over it with your mouse (DO NOT CLICK ON IT) and a text box will pop up with the true link destination.
Boosting your security
Just like fish start avoiding popular spots, so you can get better at protecting your information and computer or smartphone. Good judgement and knowledge of what common phishing attempts look like is as important as a good antivirus.
You should also make sure that your email software, operating system, and Web browsers stay updated. Often, these updates also include security patches which are similar to boosting your resistance to known weak points in your devices.
Another thing worth mentioning is that you should only ever enter personal information on Web sites that are secure. The best way to check is the address should begin with “https://” and show an icon of a closed lock. If you are unsure if what the icon looks like, type in www.facebook.com and look for a lock icon. This is the secure icon for that specific browser.
Like a certain clown fish in a Hollywood movie counting his fish eggs to ensure they are all there, you should also check your bank balance once a day so you are aware of any unauthorised spending. This can also help you notice if your bank card has been swiped.
Of course, just like you get different styles of fishing, so too are phishers not just using emails. Attackers are using sites like Facebook, PayPal, Twitter, and others to also try and steal your personal information. Those cute Facebook videos you are clicking that redirect you to a page that asks you to either Like it or install the app before you can watch it, avoid at all costs.
Phishers also know no boundaries. They can reach you in any language thanks to the power of Google Translate and similar services. Fortunately, the majority of those messages are poorly written giving you a good indication of needing to be cautious.
Ultimately, the best way to prevent phishing is to completely ignore any mail that asks you for confidential information. If a company or bank really needs sensitive information from you, they will call.
For our part, Dial a Nerd has surprisingly had its fair share of phishing attacks. No one is safe from hackers. The best we can do is be aware of attack signals. Install an anti-virus and if you suspect an attack, delete it immediately.
This article originally appeared on Business Report.
Colin Thornton is CEO of Dial a Nerd. His opinions do not necessarily reflect those of Business Report.