Today’s article will focus on phishing scams and how to protect against them. Many of you may have already heard the term several times, but let’s make sure we all know exactly what it refers to. A phishing scam is when you get an email or a message that looks like it comes from a trusted organization or person. However, when you click on the link placed within this message, you’re taken to a malicious website that simply records your confidential information.
Phishing is not restricted to suspicious emails, although email is one of the most common ways to do it. The whole point of such an attack is to trick users into providing confidential information to a malicious website, and it can also take the shape of a pop-up ad on a website.
In the next few paragraphs, we are going to talk about the various ways in which you can get attacked and how to react to it. Apart from that, you will also learn how to protect yourself against such attacks, because it’s always easier to prevent than it is to treat, isn’t it?
Avoiding scam via email
Generally speaking, phishing attacks are fairly easy to avoid. They usually come in the shape of an email that looks as if it’s been sent by a well-known company, such as PayPal or Google. You may have already encountered emails where you’re told that your account has been locked, and that in order to unlock it, you should click on a certain link.
Another famous way of tricking users is by telling them that they will lose access to their account if they don’t click on a link and follow the instructions listed there. This is a typical one that Yahoo users get quite often, telling them that Yahoo will completely close if they don’t go to a specific website and re-create their account. By doing so, you basically give all of your personal information to a stranger.
You will probably think that these emails are easy to spot and avoid. However, the trick is that they use fear to make users react. They basically try to scare you, so that you eventually click on that link and do whatever they want you to. While the trick is not to panic in the first place, it’s also important to know that these scams are sometimes difficult to detect.
For this reason, here are some of the classic signs of phishing. They hold true for emails and social media messages, as well as ads and pop-ups:
- Grammatical errors: many of those who create phishing attacks come from foreign countries, and they only use English as a trap for users; if there are many typos, and it all looks like something that a 7-year-old wrote, then that might be a scam.
- Your name: companies that you have an account with will always know your name and place it at the beginning of the email; if this message looks like a generic one that goes out to everyone, and it does not address you in particular, you should be careful.
- Threatening message: although the message may sound professional and quite nice, if there is a threat, such as “you will lose your account if you don’t [x]” or “click here now, or you will not be able to unlock your account again”, and then there is a link you’re supposed to click, don’t do it.
Although these indications are very helpful, some scam emails just look perfect. They are well written, the grammar is smooth, your first and even last name are part of the heading, the company’s logo is there, and it all seems real. Given how tough it is to tell a real email from a scam these days, the only solution you have is to treat all emails as suspicious.
What you have to know is that a big company will never send you unsolicited email. Another important aspect is that they will never ask you to click on a link for no specific reason – unless you previously asked to reset your password, for example. In case you’re uncertain about an email you received, the best thing you can do is look for that company’s contact information. Check if the email address you got the message from is the official one, and try to call the company and check if they actually did try to get in touch with you via email.
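The signs listed above (generic greeting, threatening wording) and the sender-address check, together with the https check this article also recommends, can be expressed as a small script. This is an added Python example, not part of the original article; the sample message, the phrase lists and the names `phishing_signs` and `host_matches` are constructed for illustration, and it assumes a single-part plain-text email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every address and URL here is made up.
SAMPLE = """\
From: PayPal Support <support@paypa1-secure.example>
To: jane@example.org
Subject: Your account has been locked

Dear customer,

You will lose your account if you don't click here now:
http://paypa1-secure.example/unlock
"""

# Illustrative phrase lists (assumptions), not an exhaustive ruleset.
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|member|client)\b", re.I | re.M)
THREATS = re.compile(r"lose (access to )?your account|account (has been|will be) "
                     r"(locked|closed)|click here now", re.I)
URLS = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_matches(host, official_domain):
    """True if host is the official domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == official_domain or host.endswith("." + official_domain)

def phishing_signs(raw_message, official_domain, recipient_name):
    """Return the sorted list of warning signs found in one message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()  # a str for single-part messages
    signs = set()
    sender = parseaddr(msg.get("From", ""))[1]
    # The display name can say anything; only the address domain counts.
    if not host_matches(sender.rpartition("@")[2], official_domain):
        signs.add("sender-domain-mismatch")
    if GENERIC.search(body) or recipient_name.lower() not in body.lower():
        signs.add("generic-greeting")
    if THREATS.search(msg.get("Subject", "") + "\n" + body):
        signs.add("threat-language")
    for url in URLS.findall(body):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            signs.add("non-https-link")
        if not host_matches(parsed.hostname, official_domain):
            signs.add("link-domain-mismatch")
    return sorted(signs)
```

An empty result does not prove a message is genuine: as noted above, some scam emails pass every one of these checks, so contacting the company through its published details remains the deciding step.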
Taking care of your personal data
As we said before, phishing doesn’t just happen via email. It can sometimes happen via social media, such as Facebook or Twitter, or it can even come in the shape of a message that pops up into your web browser while you’re surfing the web.
For this reason, you can never know for sure whether an ad is just an ad that simply tries to attract customers to one business or another, or whether it is actually a scam. It happens to the best of us – you sometimes check the programs installed on your computer and realize that there are some that you never installed yourself. This could be software that was automatically installed when you clicked on a link that you shouldn’t have, or opened an ad that was actually a phishing attack.
Because this can happen so often, it is important not to share your personal information on the internet too often. Communicate confidential data about yourself only via phone (again, double check the number) or in person! If you’re going to use a website for doing so, only use secure websites, and try to make sure that they’re safe. For example, when you’re doing an online transaction, you should check that the website’s link begins with “https://” rather than just “http://”.
To make sure you’re completely safe, you can also double-click on the lock that you see on the left side of the link. This will let you verify the SSL certificate that the web page is using in order to have that specific https service.
Avoiding scammy documents
A scam email will not always ask you to go to a website in order to provide personal information. It may sometimes ask you to download a document that’s attached to the email and looks fairly safe – they could tell you that this is a file you need for an application you really did make recently. Once you download the file, it’s much easier for the attacker to get any information about you by simply accessing other files on your computer or following your activity.
Other emails will not directly attach the file, but they will still lead you to an external website. However, seeing that you’re not asked to give personal data, you may think that it’s safe and go ahead with the procedure. This type of website will typically ask you to follow a number of steps to install a program.
Such programs usually claim to help you protect your computer a lot better, get rid of a virus, or gain access to some form of entertainment that you were looking for recently. What you should bear in mind whenever you’re about to download a file, either from your email or from another website, is that it could be a phishing attack.
For this reason, it is important to make sure that you don’t download something that came from an unknown sender. Usually, when we receive something to download via email, it is something we already knew about and expected to receive. For example, we may have asked a colleague from work to send us his latest draft of a certain document. Therefore, we knew that we were going to receive something.
Similarly, when we’ve been discussing a specific problem with our bank or another big company, we also expect to receive a response from them. When a random email pops into our inbox and looks like it’s been sent by PayPal or Amazon, although we didn’t talk to them recently, it might be a trap. And when it also asks us to download something we never asked for, it could certainly be a trick.
What you need to do in such cases is to make sure that the contact details are the right ones – check their email address and see if it’s the same as the one they made public on their website. If you’re not sure about it, simply call the company and see what they have to say about it. Don’t save anything onto your computer before you make sure it’s okay!
Although the previous information is highly important, the best thing you can do to protect yourself against phishing is to use strong software for that. First of all, you should install an antivirus on your computer and make sure that it’s always up-to-date.
Although the previous information is highly important, the best thing you can do to protect yourself against phishing is to use a strong software for that. First of all, you should install an antivirus on your computer and make sure that it’s always up-to-date.
The antivirus software you install is usually capable of detecting technology exploits, and it simply bans them before they get to reach you. This can prevent you from being tricked into clicking on a Trojan disguised as a web address bar or a pop-up.
Apart from the antivirus you use, it’s also important to have anti-spyware software installed. The latter helps you keep spyware down to a minimum by scanning everything that looks like a threat to you. A good solution is Microsoft’s Antispyware, but there are plenty of other options you can look at.
A firewall is also crucial when it comes to protection. You should be using both a software and a hardware firewall and make sure that they’re always updated to their latest version. Zone Alarm is a good example of a software firewall, but there are several others that can prevent a malicious website from stealing your data and hijacking your web browser.
Last but not least, you should make sure that you’re always well-informed. No matter how good a job we do at protecting ourselves, there’s always someone who’s ahead of us. For this reason, you should educate yourself and keep on learning about the various types of attack that you could experience. To have access to some of the latest information about technology exploits and phishing attacks, keep an eye on our website!