How To Avoid Phishing Scams
Phishing is a type of cybercrime where scammers send out fake emails or message campaigns. They use fake and often convincing URLs and domains to mask themselves as legitimate institutions.
Once a victim clicks a link in such a message or email, they are redirected to a fake website built specifically to harvest sensitive user data, or the click installs a series of potentially unwanted apps that can tamper with the device's hosts file.
The word phishing is a spin-off of fishing. Like the sport, phishing also uses lures to catch users on the internet. You’ll see a lot of pop-up messages or suspicious emails when you connect to the internet. However, emails are the most frequently used channel.
If you’re tricked into clicking such links, ads, or attachments, it’ll lead to the installation of one or many types of malware, including but not limited to ransomware, rootkits, and spyware. Negligence can even lead to other serious problems like identity theft and financial losses.
The best way to spot a phishing attack is by being cautious and verifying the source before submitting sensitive information. Moreover, using an antivirus suite can also help you stay protected from many phishing scams and other similar cyberattacks.
The most effective way to spot a phishing scam is by carefully reviewing the contents of the message or email. Here are some potential red flags:
- The email isn’t addressed to you by name. A genuine service provider will address you as Dear [Name], whereas attackers masquerading as legitimate entities send bulk emails that mostly open with Dear Customer. Keep this in mind, as companies generally use your first name as an identifier.
- Focus on grammar and sentence formation. Most scam emails are easy to spot from the quality of the content alone.
- Hover the cursor over a hyperlink before clicking it. The browser or mail client shows the actual URL behind the link text or the call-to-action button, which may differ from what is displayed, and that is what you should judge before deciding whether to click.
Focus On The Address Bar
Every registered domain is unique, so a scammer cannot replicate a legitimate domain exactly. Instead, they add or remove a few letters or numbers to make the URL look like the legitimate company’s. A quick check will help you spot the difference.
- Double-check which part of the hostname is the actual domain. The top-level domain (.com, .au, .uk, .net, and others) comes last; the registered domain is the label immediately before it, and everything further left, after www., is a subdomain that the domain’s owner controls. Pay close attention to the address bar and you’ll be able to spot the scams. Here’s an example: www.netflix.com is a legit entity, hence www.billing.netflix.com is an acceptable subdomain of it. But www.netflix.billing.com belongs to whoever registered billing.com, so it’s probably a fake website.
HTTPS All The Way
Replica websites don’t necessarily use the HTTPS protocol, while on today’s internet it is expected and enforced by Google and other search providers. HTTP (Hypertext Transfer Protocol) is the standard web protocol, but HTTPS adds an encrypted transport layer on top of it.
With HTTPS-enabled websites, your traffic is encrypted with AES 128-bit or 256-bit encryption that makes it nearly impossible for hackers to decrypt sensitive information in transit. When you open a website, the browser should warn you automatically that you’re about to visit an unsecured site. If it doesn’t, look at the left end of the address bar: if you don’t see a lock, leave the website for your own security. Note that the lock only confirms the connection is encrypted, not that the site is legitimate, so still check the domain name as described above.
Be Careful Where You Click
One of the most common ways hackers access personal data is by tricking users into clicking links or attachments in emails and pop-up ads.
Don’t follow the link if you receive an unexpected notification from your bank or a service provider asking you to log into your account to act on a request.
The best way to visit a website, especially banking websites, is by manually typing in the URL on the address bar.
- Clicking on spoof links can have devastating consequences. For instance, a group of hackers stole millions using Google Ads. They redirected unsuspecting users searching for blockchain products to fake sites (bockchain.info, blokchein.info) of the blockchain company www.blockchain.info.
Always Consider The Source
Just right-click and copy the link address. Then, use the Sucuri SiteCheck or urlvoid.com websites. Just paste the copied link and it’ll tell you if the link is safe to visit. However, note that these are free tools, thus the accuracy might not be on point every time.
- A recent scam came to light when MyUniversity staff received a spoof email asking them to reset their passwords using a link. The link text displayed was myuniversity.edu/renewal, but when users clicked on it, they were redirected to a bogus website called myuniversity.edurenewal.com. Once the users reset their password there, the hackers captured the session cookies and gained access to everything on the network, leading to a major data breach.
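The checks described above (which part of the hostname is the real domain, brand names moved into someone else’s domain, typo-squatted domains like bockchain.info, and link text that differs from the actual link target) can be automated. The following is an added example, not code from the original article; the list of known domains and the reduced public-suffix set are constructed for illustration.

```python
from urllib.parse import urlsplit

# Registered domains the user actually deals with (constructed sample list).
KNOWN_DOMAINS = ["netflix.com", "blockchain.info", "myuniversity.edu"]
# Toy public-suffix set; a real checker would use the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "info", "edu", "au", "uk", "co.uk"}

def host_of(link: str) -> str:
    """Hostname of a URL, or of bare link text such as 'myuniversity.edu/renewal'."""
    if "://" not in link:
        link = "https://" + link
    return (urlsplit(link).hostname or "").lower().rstrip(".")

def registered_domain(host: str) -> str:
    """'www.billing.netflix.com' -> 'netflix.com'; the TLD alone is not the domain."""
    labels = host.split(".")
    for n in (2, 1):  # multi-label suffixes such as co.uk are tried first
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-n - 1:])
    return host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(link: str) -> str:
    """'known', 'lookalike of <domain>' or 'unknown' for the link's registered domain."""
    host = host_of(link)
    reg = registered_domain(host)
    if reg in KNOWN_DOMAINS:
        return "known"
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        # Brand name placed inside someone else's domain, or a close misspelling of it.
        if brand in host or edit_distance(reg, known) <= 2:
            return "lookalike of " + known
    return "unknown"

def link_mismatch(display_text: str, href: str) -> bool:
    """True when the text a user sees points at a different registered domain."""
    return registered_domain(host_of(display_text)) != registered_domain(host_of(href))
```

A mail client plug-in or browser extension would run link_mismatch on every anchor in a message and classify on the target, flagging anything that is not "known".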
How To Protect Yourself?
The adage “prevention is better than cure” fits perfectly in this context. While you can use antivirus solutions and firewalls for security, the easiest way to prevent phishing is by staying cautious. Here are some things you can do:
- Stay Informed – New phishing scams are being devised daily. Without staying informed about the newest threats, it can be difficult to spot scams. Subscribe to a newsletter to stay updated.
- Install An Extension – Install a reputable safe-browsing extension, or use a dedicated privacy-focused browser such as Tor Browser. These extensions can scan links in real time and alert you to malicious code and phishing pages.
- Verify The Website Security – Check that the website shows a lock icon and uses HTTPS encryption, and that the domain in the address bar is the one you expect. If not, it’s better not to use that website.
- Use Firewalls & A VPN – Configure the built-in firewalls to better control the incoming and outgoing connection requests. Additionally, you can also use a VPN for enhanced security from phishing attacks.
There are different types of phishing scams, but emails, messages, and click-bait are used frequently. You can keep yourself protected from these attacks if you stay careful and verify the emails and messages received. Don’t click on links you don’t recognize and use third-party validation tools if you’re ever unsure.