Phishing is the act of attacking someone’s computer or mobile with the aim to get a hold of their private information and even money too. The vulnerable information that gets exposed as a result of such an act includes your bank account details, your credit card number, and even passwords that you might have thought would be difficult to break down.
Getting you off your seats in panic is not what we aim to do; rather we have gathered enough information that is going to cover everything from how to identify phishing to how to prevent it.
How to Identify a Phishing message/email?
Phishing is not a new term when it comes to cybercriminal activities. It is known for its effectiveness. Cybercriminals have a way of tricking us into revealing our sensitive information through emails, messages, direct messages on social media, and even though the least suspected channels, for instance, video games. You will find numerous phishing email examples on the web too, do have a look as it will help you develop an understanding of how phishing emails work.
A few and basic ways, as per Harvard, on how to identify if you are becoming a victim of such an act, are mentioned below:
Urgent Acts:
It is quite common to see such messages demanding immediate action to receive a call and that’s your cue right there. Do not fall for such red flags and pay heed when faced with such messages.
Unusual Senders:
Receiving an email from an unknown source is another warning sign for you to make sure that the sender is not a scam before revealing any personal information. Think twice before opening a file sent by someone you don’t know.
Bad Grammar:
Professional organizations make sure to use correct grammar while getting in touch with you. But know that it might be a phishing email if the words don’t make much sense. Many scammers usually leave trails of their incompetence by using incorrect tenses or poor sentence structure. Keep an eye out for such mistakes.
Generic Greetings and Unusual Attachments:
People that have worked with you before are most likely to address you with your name, while a phishing email will definitely address you with “Dear Sir/Madam”.
The links attached in such emails are also a scam. It can be checked by placing the cursor on the link and if both the links don’t match:
Two Simple Rules to Follow:
Forbes recently published two simple rules that you can follow in order to avoid being a victim of phishing:
Rule no.1: Don’t click on links without thinking!
Fraudsters scam people in a variety of ways. Phishing emails are designed in a way to trick you into clicking the given link. The email will be composed of words that are going to first raise curiosity and then push you into clicking the link provided. Next thing you know, you’ve landed on a malware page where you’re personal information either gets exposed or the browser is bombarded with downloads that you didn’t even approve.
The links sent in such phishing emails are not what authentic links look like. And even if the link is authentic, it is always a safe option to open it from your own browser or from the bookmark that you might have saved. If something of this sort is not possible, try contacting the relevant people yourself so as to be sure that you are not falling for a scam.
Phishers have an abundance of tricks to get you into clicking that link in some way or another. They might also use PDFs containing such links that have huge chances of being clicked as a PDF file is most of the time considered legitimate.
Rule no.2: Avoid Taking Attachments From Unknown People!
A malware installation is as simple as opening an attachment. It is always recommended to never open attachments being sent from strangers. It is a real problem that arises when the nature of your job is to receive emails containing such attachments. It is suggested to avoid clicking links having extensions .exe but then again, the phishers have a way of getting around this too by adding .doc or .pdf at the end of such links. Even if such links do not seem out of the norm, it is always safe to check the authenticity on your own before jumping into anything. Better safe than sorry, right?
What to do if you think you have been phished?
According to Microsoft, a few things that you can do if you think you have been phished are listed down below:
- While it’s still fresh on your mind, note down all the details that you have shared with the phisher. May it be your username, your password, account details, and every tiny detail you might have provided.
- Change the passwords of the accounts shared, and anywhere where you might be using the same password. But make sure of creating unique passwords for every single account.
- Apply two-step verification for every account you can get a hold of. For further information, see: What is: Multifactor Authentication.
- If this attack is affecting your work, get in touch with your IT department. If you also provided the phisher with your bank account or credit card details, it would be a good idea to alert them too.
- If you have lost money to the phisher, or have fallen victim to identity theft, try to report it to your local law enforcement as soon as possible.
Conclusion
Phishing is quite common nowadays and is advancing at the same speed as new ways are being thought of to tackle it. Phishers have got quite a few ways of getting people into falling for their trap.
It is always a good idea to check the authenticity of the emails being sent your way especially if it is from an unknown or an unusual sender. Do not give out your sensitive information to anyone as you might not know where your information is heading.
By following the rules and steps mentioned above, we are sure you are not going to fall prey to the phishers. The best advice is awareness and looking mindfully into the situation.