Win the fight against phishing attacks with these 5 tips
Phishing messages are among the biggest threats on the Internet. Most of these attacks occur via email, where the attacker poses as a trusted person or company from the contact list and sends a message with a link or an attachment to download. Unsuspecting users open these files and have their machines compromised. Intel did a survey of internet users around the world and found that 97% of users do not know how to identify a phishing attack.
To get away from this statistic and avoid having your company’s machines attacked, we have prepared some tips that can help you:
What is phishing?
The word phishing was coined around 1996 by hackers stealing America Online accounts and passwords. By analogy with the sport of angling, these Internet scammers were using e-mail lures, setting out hooks to “fish” for passwords and financial data from the “sea” of Internet users. Phishing is an online fraud attempt that uses “bait”, i.e., gimmicks to attract the attention of an individual to make him/her perform a certain action.
If individuals “take the bait” they may end up revealing their bank details or other confidential information to strangers, only to realize later that they have been a victim of fraud. Furthermore, they could contaminate their computer or smartphone with a virus or other malware.
How to spot a phishing email
Scammers generally use users’ emotions to get them to respond to the message, revealing the information they want to obtain.
1. Pay attention to the sender
According to the Return Path consulting firm, more than half of phishing emails spoof the email address of a trusted sender. The first way to identify a fake message is to check the sender’s address. A classic example is a display name that imitates that of the company while the domain is completely different. Stay alert!
2. Subject
The criminals’ goal is to get people to open the message. To do this, one of the main tactics is to insert alarmist messages in the “Subject” part of the e-mail. Account suspension, promotions, debt collection, budget requests, and even alarming news about Covid-19 are some examples of topics used to attract victims.
3. Spelling mistakes
If you open the e-mail, analyze the message. Try to find any spelling mistakes. Texts with spelling errors can be an important indication that the e-mail is a scam.
4. Contact information
When the email is legitimate, it includes more information about the company, such as other ways the user can contact it. Check the signature for a phone number or other ways to resolve the problem reported in the email, rather than just clicking on the link in the message.
5. The urgency
Most phishing emails use words or phrases that convey urgency in the action the user is intended to take. The use of these words in the text of the email aims to get the user to click on the link, disregarding the necessary precautions. Pay special attention to emails that contain the words: Urgent, Important, Payment, Delayed, Expired, Attention, Security, etc.
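The checks from tips 1, 2, 4 and 5 can be automated as triage signals for a reported message. The following is an added example, not part of the original article: the brand-to-domain table, the sample messages and the function names are assumptions made for illustration, and the urgency words are the ones listed above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends from (hypothetical).
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}
# Urgency words from the article's list (tip 5).
URGENCY = {"urgent", "important", "payment", "delayed", "expired",
           "attention", "security"}
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")  # loose phone-number pattern

# Constructed sample messages, not real mail.
SUSPICIOUS = ('From: "Example Bank Support" <alerts@examplebank-secure.example>\n'
              "Subject: Urgent: your account has expired\n\n"
              "Log in now to restore access: https://login.invalid/\n")
LEGITIMATE = ('From: "Example Bank" <service@mail.examplebank.example>\n'
              "Subject: Your monthly statement\n\n"
              "Your statement is ready in online banking.\n"
              "Questions? Call +1 555 0100 123.\n")

def body_text(msg):
    """Return the first text/plain part, decoded to str."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def phishing_signals(raw_message):
    """List which of the article's warning signs a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = body_text(msg)
    signals = []
    # Tip 1: display name claims a brand, but the domain is not that brand's.
    for brand, domains in KNOWN_BRANDS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not owned:
            signals.append("sender-mismatch")
    # Tips 2 and 5: alarmist or urgent wording in subject or body.
    words = set(re.findall(r"[a-z]+", f"{msg.get('Subject', '')} {text}".lower()))
    if words & URGENCY:
        signals.append("urgency")
    # Tip 4: no alternative contact channel (here: a phone number) in the body.
    if not PHONE.search(text):
        signals.append("no-contact-info")
    return signals

if __name__ == "__main__":
    print(phishing_signals(SUSPICIOUS), phishing_signals(LEGITIMATE))
```

These are heuristics for prioritising review: a legitimate message can use an urgency word, and a careful forgery can include a phone number, so a hit is a reason to look closer, not a verdict.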
Don’t click on any links
The golden rule to avoid becoming a victim of a phishing attack is simply not to click on links in emails or messages that ask you to log in. Even if you are being notified that your password has been stolen or hacked or that your account is about to be deactivated, don’t be tempted. In most cases, messages of this nature are fake.
There are also phishing attacks that target Facebook, Gmail, Amazon or Apple accounts, among other services (where the user may have credit card data associated).
If you doubt the veracity of the information, open a new window and directly access your account on those services – never copy the link from the message.
If there is a problem, you will see it directly on the platform, without going through the email.
Phishing beyond e-mail
Phishing websites: Phishing websites, also known as spoofed websites, are fake copies of trusted real websites. Hackers create these fake sites to trick users into entering their login credentials, which can then be used to log into their real accounts. Pop-ups are also a common source of phishing websites.
Smishing: Smishing is phishing via SMS. You receive a text message that asks you to click on a link or download an application. But doing so will download malware on your phone, which can steal your personal information and send it to the scammer.
Vishing: Short for “voice phishing”, vishing is the audio version of Internet phishing. The hacker will try to convince victims over the phone to divulge personal information that can later be used for identity theft.
Social Network Phishing: Some attackers can access social media accounts and force people to send malicious links to their friends. Others create fake profiles and use these profiles for phishing.
I have been the victim of a phishing attack: What should I do?
If you suspect you have responded to a phishing email with personal or financial information, take the following steps to minimize any damage:
Change the information you disclosed. For example, change passwords or PINs for the account or service you think may have been compromised.
Check bank and credit card statements regularly for unexplained charges or inquiries that you did not request.
Contact your bank or service provider directly.
Contact the authorities.
Always stay protected
Phishing e-mails succeed only with the most inattentive people. Now that you know how to spot phishing e-mails and what to do if you suspect you are being targeted, you are much less likely to fall for these tricks. Remember to be careful with personal information when using the Internet and be cautious whenever someone asks for confidential details about your identity, login information, or financial data.