Phishing is a type of cyber attack in which the attacker attempts to obtain your private information using fraudulent websites and spoofed emails. Typically, a phisher will send a legitimate looking email that claims to come from a company which you have an account with, such as a bank or social network. The email may ask you to update your account details, or may send you to a fake website which will steal your private information. Here are six ways you can protect yourself from phishing scams and avoid your personal data from being stolen.
- Be suspicious of emails that ask for private information
A legitimate company such as your bank will never ask for personal information through email. Beware of any emails that ask for passwords, account numbers or credit card details, especially if they sound generic. An email starting with 'Dear customer' from a company that knows and uses your name in correspondence is usually a warning sign of a phishing email sent en masse. Never respond to such emails and call the company for clarification.
- Never use links or phone number provided in emails
Never use a link provided in an email to connect to a website, but instead type the URL yourself into the browser. A phishing website that will steal your data can look indistinguishable from the original, so look at the address bar to make sure that you are on the correct website. The same applies for phone numbers provided in emails. If you are asked to call a phone number and provide personal data, use the one from the official correspondence with that company.
- Beware of urgency and threats
Phishers often use scare tactics, such as threatening to terminate your account if you don't authenticate immediately, or asking you to change your password quickly after a cyber attack. Urgency and tight deadlines are usually a sign of phishing, and you should contact your company directly to verify if the email you got was genuine.
- Check the URL
The 's' at the end of https stands for secure, and it means that all the communication with a website is encrypted, and even if a hacker were to intercept it, they would be unable to decrypt the data. This type of connection is often used to protect confidential transactions such as online banking. Make sure that any website in which you insert information such as your credit card details uses a secure https connection.
- Watch out for spear phishing
Traditional phishing targets a large number of victims at the same time. The recent years have seen the emergence of spear phishing, a type of cyber attack targeted at particular individuals. A spear phishing email might use your name and refer to a particular purchase of social media comment you recently made. It may even sound like it's coming from one of your friends. Because of the familiarity of the email, spear phishing is much easier to fall prey to. If a friend or a company asks you for private information in an email, call them to make sure the email was legitimate.
- Use anti-phishing software
Anti-phishing software can identify phishing content in email and websites, and block it. This type of software works by comparing a URL to a list of known phishing URL-s, which is updated regularly. A lot of web browsers nowadays come with integrated anti-phishing functionality, but in order to take advantage of this, you have to make sure your browser is always kept up to date.
In order to avoid phishing scams and make sure that your data is kept safe, never respond to emails asking for private information, not matter how legitimate they sound, and never click on links provided in emails. Be suspicious of messages that have a tone of urgency as this in often a scare tactic cyber-criminals use. If you suspect that you have received a phishing email, make contact with the company or person it claims to come from, to verify the email's legitimacy. Last but not least, use anti-phishing software which can detect fraudulent content and block your access to it.