Eight ways to avoid phishing scams
June 11th, 2018
Phishing is a form of online scam in which fraudsters trick Internet users into submitting personal information to what they believe is a legitimate organisation. This can lead to scammers gaining your personal login credentials or the information needed for identity theft.
Phishing scams usually arrive as an email pretending to come from a legitimate source. Microsoft and Amazon are the most commonly impersonated, as the credentials for those accounts offer a wealth of personal and financial information. Other companies scammers often pose as include Apple, DropBox, LinkedIn and PayPal.
Because phishing is one of the most devious forms of identity theft, it is important to become familiar with various types of phishing scams as well as learn how to protect against them.
How to protect against phishing attacks
1. Guard against SPAM
Many phishing emails follow a preset script or are sent out in bulk. Having a SPAM filter in place allows you to filter out the majority of these mass emails and can allow you to block messages which come from known malicious addresses. Even with a SPAM filter, you should be especially cautious of emails that:
- Come from unrecognised senders
- Ask you to confirm personal or financial information over the Internet or make urgent requests for this information
- Aren’t personalised
- Try to upset you into acting quickly by threatening you with frightening information
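The four warning signs above can be expressed as simple checks over a raw email. This is an added example, not code from the original post; the keyword patterns, the known-sender list and both sample messages are constructed assumptions, and a match is a prompt for caution rather than proof of phishing.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the reader already corresponds with (constructed value).
KNOWN_SENDER_DOMAINS = {"example-bank.test"}

ASKS_FOR_INFO = re.compile(
    r"\b(confirm|verify|update)\b.{0,40}\b(password|account|card|bank|details)\b",
    re.I | re.S)
PRESSURE = re.compile(
    r"\b(urgent|immediately|within \d+ hours?|suspended|locked|legal action)\b", re.I)
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|member|client|sir|madam)\b", re.I | re.M)

def plain_text(msg) -> str:
    # Join the text/plain parts; multipart containers are skipped by type.
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def red_flags(raw_message: str) -> list[str]:
    """Return which of the four warning signs a raw email shows."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{plain_text(msg)}"
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = [
        ("unrecognised sender", domain not in KNOWN_SENDER_DOMAINS),
        ("asks to confirm personal or financial information", bool(ASKS_FOR_INFO.search(text))),
        ("not personalised", bool(GENERIC_GREETING.search(text))),
        ("pressure or threat", bool(PRESSURE.search(text))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample messages, not real mail.
PHISH = """From: "Example Bank" <security@examp1e-bank.test>
Subject: Urgent: account suspended

Dear customer,
Your account will be suspended within 24 hours. Please confirm your card details immediately.
"""
BENIGN = """From: Example Bank <statements@example-bank.test>
Subject: Your June statement

Hi Alex,
Your June statement is ready. Sign in through the app to view it.
"""
```

The first sample differs from the known domain by a single character (`examp1e` for `example`), which is why the sender check compares the whole domain rather than the display name.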
2. Communicate personal information only via the phone or secure website
When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser’s status bar or an “https:” URL, whereby the “S” stands for secure, rather than an “http:”.
Do not blindly trust a website which uses https though. Many phishing sites now use https and the green padlock to imply they are more genuine or to instil more trust. But this is just another piece of social engineering. All https means in this scenario is that you’re securely handing your details over to a scammer.
However, you should also be aware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.
3. Don’t click on links, download files or open attachments from unknown senders
It is best to only open attachments when you are expecting them and know what they contain, even if you know the sender. Some email clients come with the ability to preview the contents of an attachment and this can be used to determine if the contents are malicious or not.
Additionally, if a link is present in an email, don’t click it. Instead, navigate to the legitimate site via a web browser and continue from there.
4. Never email personal or financial information, even if you are close to the recipient
As a general rule, you shouldn’t be sending personal information over an insecure channel like email. You never know who may gain access to your email account, or to your recipient’s account, and then be able to find that information.
If you must send personal information, many email clients now have the ability to send a self-destructing email which can prevent it from being intercepted.
5. Beware of links in emails that ask for personal information
Even if the email appears to come from an enterprise you do business with, you should still be cautious. Phishing websites will often copy the entire look of a legitimate website to make it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you.
6. Beware of pop-ups
- Never enter personal information in a pop-up screen
- Do not click on links in a pop-up screen
- Do not copy web addresses into your browser from pop-ups
- Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it.
7. Protect your computer
At a minimum, ensure your computer is protected by a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update it all regularly to ensure you are blocking new viruses and spyware.
Additionally, setting up two-factor authentication on your accounts can add an additional layer of security and prevent scammers from accessing your personal information.
8. Check online accounts and bank statements regularly
If you’ve been the victim of a phishing scam or think you have, it’s important to constantly monitor the activity of that account. A scammer may lie low for a while to trick the victim into thinking they weren’t affected and that can make the damage much more potent.
Conclusion
You should always be careful about giving out personal information over the Internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own.
Remember that you may be targeted almost anywhere online, so always keep an eye out for those “phishy” schemes and never feel pressured to give up personal information online.