As businesses move to digital platforms, persistent cyber threats continue to compromise personal information using tactics such as phishing.
Phishing is the process of masquerading as a trustworthy entity in electronic communication — typically via email — in a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details. A 2017 survey reported that over 75% of its respondents have experienced email phishing attempts. This shows just how much email inboxes are targeted.
Starting as early as the mid-90s, hackers leveraging America Online (AOL) services would bait and steal users’ credentials. They used an automated tool known as AOHell. This software enabled bad actors to “phish” for data by sending authoritative or manipulative messages to users. This is when the term was originally coined.
Despite its primitive origins, phishing has endured throughout the decades. In fact, it has only increased in frequency and sophistication. All because it works. But what is the key to its success?
Phishing targets the weakest link in the cybersecurity chain – the human user.
This leaves the average person at the mercy of unscrupulous cyber criminals who have perfected their phishing tactics to exploit any vulnerability.
What, then, can you do to protect yourself against phishing attacks?
Learn the lingo
Email is the most common vehicle for phishing. Familiarizing yourself with the common phrases, grammar, and techniques of phishing will help you identify red flags.
Look out for phrases like:
- “Urgent request”
- “Verify your account”
- “Final warning”
- “Your account may be compromised”
These are scare tactics. They are used to trick you into providing your personal information and/or login credentials.
Also, be wary of poor grammar. Any legitimate business that is contacting you
(1) would not request personal information via email, and
(2) would not send messages that contain poor grammar or spelling errors.
Think before you click
Phishing emails may contain a malicious attachment or link. Always be suspicious of any strange email. Pause, even if it appears to be from a familiar person or entity. If the email does contain a link, hover your mouse cursor over the link to see where it leads. If you’re not familiar with the site or if it differs from where you’d expect to go, don’t click!
You can also open a new web browsing window and type in the real URL yourself. You should be able to sign in to your account and view any real notifications from the sender without clicking on the link provided in the email.
Look for the padlock
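Before submitting any personal information to a website, make sure the URL begins with “https” and look for the “padlock” icon near the address bar. The padlock means the connection is encrypted; it does not by itself prove the site is legitimate, so also check that the domain name is the one you expect. If you get a message stating a website may contain malicious files, do not continue navigating to the site.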
Keep your systems updated
Important system and application updates are frequently released in response to gaps in security which are discovered and exploited by bad actors. The moment an update is made available, download and install it to secure your system.
Use antivirus software
Even with other precautions, some malicious code may still be downloaded onto your system. Install and regularly update antivirus software to safeguard against this. Use anti-spyware and firewall settings for extra protection. This will protect against more advanced phishing attacks, as well as other common cyber threats.
The weakest link in the cybersecurity chain is the human user, so the best way to protect yourself against phishing attacks is to be informed. Read our post about phishing email and internet scams. Look for the red flags. Keep your system and security software updated. Recognize the risks and protect yourself against becoming a victim of phishing.