Phishing is a technique that tricks the user into believing they are on a trusted site in order to steal confidential information and passwords. Phishing scams have been around since the inception of the Internet, and they are not going away any time soon: they are successful enough for cybercriminals to make huge profits from them. Below are phishing statistics, and basic guidelines to avoid becoming a victim:
· 156 million phishing Emails sent every day
· 16 million phishing Emails make it through filters
· 8 million phishing Emails are opened
· 800,000 links are clicked from the phishing Emails
· 80,000 people fall for the scam every day, and give away personal information to people who are trying to phish them
· 3% have entered bank details on a site they don't know; that’s over 1 million Canadians in total
· 95 percent of phishing e-mails pretend to be from Amazon, eBay, or banks
1. Keep informed about phishing techniques: New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of getting snared by one.
2. Think before you click: It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random Emails and instant messages isn’t such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to? A phishing Email may claim to be from a legitimate company, and when you click the link to the website, it may look exactly like the real website.
The Email may ask you to fill in information, but it may not contain your name. Most phishing Emails start with “Dear Customer”, so you should be alert when you come across such Emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link. Scammers often succeed by preying on your emotions.
That's why the most important thing experts recommend is to listen to your gut. When something feels off, it probably is. Since the whole point of phishing is to get you to do something without raising your alarm bells, you need to practice skepticism even when things seem fine. You should be generally reluctant to download attachments and click links, no matter how innocuous they seem or who appears to have sent them.
Think about the context of what the sender is asking you to do. If there’s a sense of urgency, that’s when a smart skeptic should slow down. You can work to be skeptical about your Email all the time. It's easier said than done, but keeping that attitude in mind can help.
3. Install an anti-phishing toolbar: Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and it is completely free.
4. Verify a site’s security: It’s natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, its Uniform Resource Locator (URL) should begin with HTTPS (Hyper Text Transfer Protocol Secure). There should be a closed lock icon near the address bar. Check for the site’s security certificate as well.
If you get a message stating that a certain website may contain malicious files, do not open the website. Never download files from suspicious Emails or websites. Even search engines may show links that lead users to a phishing webpage offering low-cost products. If the user makes purchases at such a website, the credit card details will be accessed by cybercriminals.
5. Check your online accounts regularly: If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too.
To prevent bank phishing and credit card phishing scams, you should personally check your statements regularly. Get monthly statements for your financial accounts and check each and every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
6. Never give out personal information: As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, visit the main website of the company in question, get their number, and give them a call. An Internet user should never make confidential entries through the links provided in Emails. Never send an Email with sensitive information to anyone.
7. Use antivirus software: There are plenty of reasons to use antivirus software. Special signatures that are included with antivirus software guard against known technology workarounds and loopholes. Just be sure to keep your software up to date. New definitions are added all the time because new scams are also being dreamed up all the time.
Anti-spyware and firewall settings should be used to prevent phishing attacks, and users should update the programs regularly. Firewall protection prevents access to malicious files by blocking the attacks. Antivirus software scans every file which comes through the Internet to your computer. It helps to prevent damage to your system.
8. Consider the source: This is particularly important and difficult now that attackers can send spear phishing Emails that look like they are from your friend or your bank. And things get even more complicated when the messages really are from legitimate sources, because attackers have taken over a real Email account or phone number and are phishing from it.
So what can you do? First, scrutinize the address it says it came from and the text of any URLs it contains. If the source is legitimate but the text is out of character, or something feels odd about an Email from someone you know (especially if it contains a request), bear in mind there's a distinct possibility they've been hacked. Reach out to the person separately, and ask if they sent you an Email.
There are some qualities that identify an attack through an Email:
· They duplicate the image of a real company.
· They copy the name of a company or an actual employee of the company, and include sites that are visually similar to a real business.
· They promote gifts, or threaten the loss of an existing account.
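The manual checks in points 2, 4 and 8 (hover before you click, look for HTTPS, scrutinize the sender address and any URLs) can be written down as simple heuristics. The script below is an added example, not code from the original post or from any of the sources it cites. It parses a constructed sample message (every domain uses the reserved .invalid suffix) and flags a brand name in the display name that the sending domain does not match (checked against a constructed KNOWN_BRANDS mapping), a generic “Dear Customer” salutation, urgency phrases, links served over plain HTTP, and links whose visible text names a different host than the real target. The brand mapping, keyword lists and sample message are assumptions made for illustration. One caveat on point 4: an HTTPS link on its own proves little, since fraudulent sites also obtain certificates, so the host comparison carries more weight than the scheme check.

```python
"""Heuristic phishing-indicator checks over a raw e-mail message.

Added example; not code from the original post. The sample message, the brand
mapping and the keyword lists below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: generic salutation, urgency, a display name claiming a
# brand whose real domain differs from the sending address, and a link whose
# visible text shows one host while the href points at another.
SAMPLE_EMAIL = """\
From: "Example Bank Support" <alerts@mail-example-bank.invalid>
To: customer@example.invalid
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>Your account will be suspended within 24 hours unless you verify it immediately.</p>
<p><a href="http://verify.example-bank-login.invalid/login">https://www.example-bank.invalid/login</a></p>
</body></html>
"""

# Constructed mapping (assumption): brand as it appears in a display name ->
# the domain the real organisation actually sends from.
KNOWN_BRANDS = {"example bank": "example-bank.invalid"}
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "within 24 hours")
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear sir", "dear member")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?")


class _BodyParser(HTMLParser):
    """Collects the visible text and every (href, anchor text) pair."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.links = []
        self._anchor = None  # [href, text] while inside an <a> element

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._anchor = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        self.text.append(data)
        if self._anchor is not None:
            self._anchor[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._anchor is not None:
            self.links.append((self._anchor[0], self._anchor[1].strip()))
            self._anchor = None


def host_of(url):
    """Hostname of a URL; a bare 'www.example.invalid/x' is treated as http."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def analyze_email(raw):
    """Return a list of (indicator, detail) tuples; empty means nothing flagged."""
    msg = message_from_string(raw)
    findings = []

    # 1. Does the display name claim a brand the sending domain does not belong to?
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    for brand, real_domain in KNOWN_BRANDS.items():
        if (brand in display_name.lower() and sender_domain != real_domain
                and not sender_domain.endswith("." + real_domain)):
            findings.append(("brand_domain_mismatch",
                             f"'{display_name}' sent from {sender_domain}, expected {real_domain}"))

    # 2. Visible text and links from the HTML body; subject joins the keyword checks
    payload = msg.get_payload(decode=True) or b""
    parser = _BodyParser()
    parser.feed(payload.decode(msg.get_content_charset() or "utf-8", errors="replace"))
    text = (msg.get("Subject", "") + " " + " ".join(parser.text)).lower()

    for salutation in GENERIC_SALUTATIONS:
        if salutation in text:
            findings.append(("generic_salutation", salutation))
            break
    hits = [phrase for phrase in URGENCY_PHRASES if phrase in text]
    if hits:
        findings.append(("urgency", ", ".join(hits)))

    # 3. Per link: plain-HTTP target, and anchor text that names a different host
    for href, anchor_text in parser.links:
        if urlparse(href).scheme.lower() != "https":
            findings.append(("insecure_link", href))
        shown = anchor_text.lower()
        if URL_LIKE.fullmatch(shown) and host_of(shown) != host_of(href):
            findings.append(("link_text_mismatch",
                             f"shows {host_of(shown)}, goes to {host_of(href)}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in analyze_email(SAMPLE_EMAIL):
        print(f"{indicator:22} {detail}")
```

Run it directly to print the indicators found in the sample. Because `analyze_email` returns the findings rather than only printing them, the same function can be dropped into a mail-filter hook or used to build awareness-training material from real messages that have already been reported.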
9. Know your backups: Even if you're appropriately skeptical and avoid clicking on most links, you might get phished. The recent Gmail phishing scam is so clever that even some IT professionals fell for it. You need to prepare defensively in case you do get phished.
That means taking standard cyber security precautions like enabling multi-factor authentication on all accounts that offer it, using a password manager or other system to maintain strong, random, unique passwords, and backing up your data. The key to protecting yourself is to be on guard. Phishing scammers are wily, but so are you. [i]
“The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a mutual friend, or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.”
[i] Sources used:
· “10 Tips to Prevent Phishing Attacks” (http://www.pandasecurity.com/mediacenter/security/10-tips-prevent-phishing-attacks)
· “10 Ways to Avoid Phishing Scams” (http://www.phishing.org/10-ways-to-avoid-phishing-scams)
· “Phishing Quotes and Statistics” (https://sites.google.com/site/phishingsimplified3/phishing-quotes-and-statistics)
· “Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid them” by Lily Hay Newman
· “Spear Phishing: Scam, Not Sport” (https://us.norton.com/spear-phishing-scam-not-sport/article)
· “URL” (www.dictionary.com)
· “What is HTTPS?” (https://www.instantssl.com/ssl-certificate-products/https.html)