Michael has a Newcastle University Certificate in Cybersecurity and experience in combatting cybercrime.
How to Avoid Phishing Scams
Phishers are cybercriminals who use online tactics such as brand hijacking and deceptive email correspondence, along with manipulation and even intimidation, to take advantage of unsuspecting victims. The goal is to steal private information and use it as a means of obtaining whatever they want.
They typically begin by gathering and compiling a long list of recipients before dispatching the spam emails. Each message they send is designed to appear as if originating from a reputable company or organization such as an online retail company or a financial institution.
They try to gain your confidence so that you will take immediate action on whatever instructions they give you. The email will typically instruct you to click on a link provided. This will then direct you to a bogus site where they collect your login details when you sign in.
Another tactic is to plant spyware viruses in your computer system, which remain dormant, monitoring your online browsing activities until the opportune time comes. This is the moment you visit a site that requires you to log in.
As soon as that happens, the virus springs into action. It either diverts you to a bogus site or records your keystrokes as you type in confidential details like your username, password, and other sensitive data.
Without anti-phishing software, this form of criminality can become a very real threat. Fortunately, if you want to avoid being the next victim of identity theft, there are steps you can take to protect yourself.
1. Stay Informed
A lot of people fall into the trap that these cybercriminals lay due to the fact that they are uninformed concerning the realities of cybercrime and how these scammers operate.
To be forewarned is to be forearmed. If you have knowledge about how spam emails and spoofed websites work, you will be in a better position to guard yourself against falling victim to phishing attempts since you instinctively know what to look for. You will be able to recognize the signs in the email messages and other social media correspondences you receive.
Despite the fact that the email contains the correct company logo, graphics and colour scheme, perhaps something is off concerning the language used. You will spot the spelling mistakes and the suspicious sentence constructions.
You will also see that the request itself is suspicious because a legitimate company would not ask you to verify your personal information or account details via e-mail. Therefore, always be on the alert for messages that ask you to go to a website to verify or update your passwords, credit card numbers, social security number, or even your bank account number.
Just as you keep yourself informed on local or international news and current affairs through the media, it is necessary to stay abreast of the prevailing trends in cybercrime. This includes contemporary strategies and methods that phishers use to take advantage of unsuspecting victims.
The internet abounds with reported cases in the form of articles, reports, documentaries, and so forth, from which helpful details can be gleaned concerning what is happening on the scene and how you can guard yourself.
2. Check for Impersonality
Spam emails are usually sent out en masse. Unlike other sophisticated forms of fraud, it costs nothing to reach an unlimited number of people via email. Criminals are aware that most people will not react to the message and that it will likely end up in their spam folder.
However, what they are trying to do is use the principle of compound effect to their advantage. They are not considering the hundreds of thousands who will ignore the message. Their focus is on netting the tiny percentage that will respond.
Due to the fact that these messages are dispatched en masse, they will typically be generic. This is another red flag to watch out for. A phishing email will tend to be impersonal. It will usually lack details that you can relate to as being current and consistent with the relationship you have with the company as a customer.
If a message is authentic and genuinely comes from a legitimate service provider of which you are a customer, it should contain the proper names you registered with. Some companies include the customer number and other identifying details as well.
3. Process and Evaluate
Don't allow the urgency of a message you have received to move you into taking drastic action before you have given yourself enough time to think through everything carefully.
These cybercriminals have experience in preying upon people's fears and they will use any means possible to ensure that a recipient gets hooked into doing what they want. They may warn you that something terrible is about to happen (like shutting down your account) unless drastic action is taken.
The nature of the "emergency" could be different each time. But the end-game is always the same. They want to lure unsuspecting victims to the fraudulent website in order for them to enter their personal information.
Phishing emails are often constructed with the aim of eliciting a specific emotional reaction. They do not simply impart information. The objective is to trigger an immediate reaction from the person who receives it, to cause them to take action without giving them time to mentally process what they are doing.
Such emails will contain phrases like:
- Dear valued customer
- Click on the link below to access your account
- Update your information through this link
- There's a block on your account
- Your account is about to be closed
- If you do not respond within 24 hours, your account will be closed.
Always be on your guard in any situation where your personal details are involved. Exercise self-control and never allow yourself to react out of panic or intimidation. Don't allow negative feelings to take over. Remain unhurried, maintain a level head and process the situation in a clear and rational manner.
4. Take Precautions
The type of email message you receive can vary from asking you to verify your account to instructing you to change your financial information or other details. If you are the recipient of such an email concerning changes that need to be made to your account or other data, log into the official website directly without clicking on the link in the email.
As a rule, always avoid clicking on a link provided in the body of an email, especially where the purpose is to access your account with a service provider. Instead, make a habit of always visiting the site on your own from your bookmarked list or by entering the URL directly in the address bar.
Do not forward any sensitive information online via email or social media, even when provided with a form or template to help you do so. This should only be done directly on the website of the legitimate company you are connected with.
An important way of taking precautions is doing your due diligence. Call the company to be sure of the identity of the sender and the truth of the request that you have received.
You would be astounded at the astronomical sums that could be saved by individuals, households and corporations if someone simply carried out some due diligence before making a life-changing decision.
The importance of this comes into focus when you consider for a moment the multitude of reported cases where victims have lost their entire life savings and investments in a matter of days or hours. It takes just one misinformed decision to erase decades of hard work.
5. Confirm Before Executing
In case you have received a phishing email or suspect that to be the case, here is an easy trick you can use to check if the link that has been provided is actually genuine or not.
Simply point your mouse at the link itself without clicking and check the bottom left-hand side of your screen. The actual address of the website you are being directed to will appear there. This is how you can quickly tell if the email is legitimate or not.
Always be on the alert and seek to confirm before initiating any process involving personal information. Ensure that the sites you use are authentic before entering credit card data or other sensitive information.
Check the URL syntax to see whether it is actually correct. Spoof sites tend to have an excessively long string of characters in the header, with the legitimate business name somewhere in the string. Sometimes they will not contain the legitimate business name at all.
Also, be sure that the site is using encryption to secure the information you are entering there. This can be confirmed by checking whether there is a padlock icon at the corner of your browser on that page. The web address should also start with https and not the regular http.
Be vigilant when doing these checks. There are some phishing sites that place false lock icons on their pages. So you need to look at the positioning of the icon. The correct spot is in the window frame of the browser and not in the actual web page itself.
Moreover, there are some URL masking techniques that present false addresses and make them look like the real thing. So if at any point you are in doubt, do not proceed until you have contacted the site owner and verified. When it comes to cybercrime, it is much better to be safe than sorry.
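The hover check and the URL checks described in this section can also be automated, for example when triaging suspicious emails that colleagues report. The following is an added example, not part of the original article; the trusted-domain list, the finding names and every address in the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"mybank.example"}  # assumption: sites the reader really uses

class LinkCollector(HTMLParser):
    """Collect (visible text, real target) for every <a> tag in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def same_site(a, b):
    """True when one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_link(text, href):
    """Return the warning signs for one link, using the checks from this section."""
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    findings = [] if url.scheme == "https" else ["not-https"]
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        findings.append("untrusted-host")
        # Legitimate business name buried in an address that belongs to someone else.
        if any(d.split(".")[0] in href.lower() for d in TRUSTED_DOMAINS):
            findings.append("brand-name-in-foreign-url")
    # What hovering reveals: the visible text names one host, the target is another.
    shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
    if "." in shown and " " not in shown and not same_site(shown, host):
        findings.append("text-href-mismatch")
    return findings

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href) for text, href in parser.links}

# Constructed sample message; every domain below is a reserved placeholder.
SAMPLE_EMAIL = """<p>Dear valued customer, there's a block on your account.</p>
<a href="http://mybank.example.verify-login.example.net/login?session=1">www.mybank.example</a>
<a href="https://www.mybank.example/help">Help centre</a>"""
```

Calling scan_email(SAMPLE_EMAIL) returns a dictionary keyed by link target. The first link collects all four warning signs and the second collects none.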
6. Keep Everything Updated
Ensure your operating system and the browsers you use are updated. Install all the patches and upgrades necessary to make sure that your system is in sync with all the latest security features, tools and resources.
Many people understand the importance of keeping their systems up to date. However, the challenge is that in the heat of a busy schedule or other distractions, it becomes easy to just keep putting off the required installation.
Such delays can prove to be very costly when a virus locks onto your computer or malware corrupts your files, and it is too late to reverse the damage.
It is possible to get on a managed plan that will automatically keep all your devices up to date. If you choose not to use a managed plan, you will need to check regularly for any new software updates that need to be installed.
This does not just mean antivirus software, but also your firewall and software such as Flash, Java and web browsers, which can leave you vulnerable if they are not kept up to date.