How to protect yourself from phishing


Phishing protection: Phishing attacks have been a widespread problem, posing a huge risk to individuals and institutions. According to Gartner, phishing emails will continue to be the primary method used by advanced attacks.

What is a phishing attack?

It is an attack vector that cybercriminals use mainly for identity theft, manipulating users into handing over their personal and sensitive information. It is a type of social engineering attack that is mainly initiated via email. For instance, in many cases cybercriminals send out warnings telling users to change their passwords, but redirect them to a fake website in an attempt to harvest their credentials.

Sometimes, cybercriminals launch phishing attacks to collect information for a sophisticated and successful enterprise attack. The human element is the weakest link in the security chain: over 95% of successful cyber attacks result from human error. [1] Cybercriminals especially aim at financial institutions as effective targets.

Phishing protection: Follow the tips below.

1. Beware of phishing attacks; they can happen at any time

You can reduce the risk of phishing attacks by checking your emails with care and looking for the signs of phishing scams. It is also important to be careful while browsing online and to watch for phishing signs there.

Beware of emails asking for confidential information or login credentials.  Legitimate organizations like financial institutions never request sensitive information by email.

Even if a message appears to be from a known, trusted source, never click on links, download files or open attachments in emails or on social media. Call the sender and verify the email before acting on it.

Never click on a link in an email to a website unless you are absolutely sure that it is authentic. When necessary, type the URL into the browser's address bar to confirm that it is a real website.

2. Browse only safe web addresses

Today many web browsers already include security features to help you stay safe online. These built-in browser tools can block annoying pop-ups, send Do Not Track requests to websites, disable unsafe Flash content, stop malicious downloads, and control which sites can access your webcam, microphone, etc.

  • Chrome:  Settings > Advanced > Privacy and security
  • Edge:  Settings > Advanced settings
  • Firefox:  Options > Privacy & Security
  • Safari:  Preferences > Security and Preferences > Privacy [2]

Visit web addresses that start with HTTPS.  HTTP (Hypertext Transfer Protocol) is the fundamental protocol for sending data between your web browser and the websites you visit. And HTTPS is just the secure version of this. (The “S” simply stands for “secure”.) It is often used for online banking and shopping because it encrypts your communications to prevent criminals from stealing sensitive information like your credit card numbers and passwords.[2]

Check for HTTPS and the green padlock icon in your browser’s navigation bar. If you do not see them, the site you’re on is not using a trusted SSL digital certificate, and you should never submit sensitive information, such as credit card details.

If you don’t see the padlock, take your shopping elsewhere (Source: AVG)

Moreover, you should never use a public Wi-Fi spot for important transactions such as banking, shopping or entering personal information; use your mobile connection instead.

3. Fake email content

As they are not professional proofreaders, cybercriminals often make mistakes in phishing emails. Phishing emails are therefore generally easy to spot because of their many grammar errors and redundant words in capitals.

 

An example of fake email content (Source: makeuseof)

Read your email carefully and check whether the content has grammar errors. Email content can also be written to arouse users' interest and manipulate them into clicking on a fake link. If you find the content suspicious, delete the email.

4. Shortened links

Cybercriminals often use shortened links to make you think you are clicking a legitimate link, when in fact you can inadvertently be redirected to a fake web address. Always place your mouse over a link in an email, without clicking, to see whether you are actually being sent to the right website.

Link shorteners cybercriminals mostly use (Source: loookinglasscyber)

If you click on the fake link, you can inadvertently be directed to a fake web address; once you have entered your details there, such as name, surname, email address and passwords, cybercriminals have all of them. You can also download malware from the fake page, which can put your entire system into the hands of cybercriminals.

5. Beware of threats and urgent messages

Threats and urgent messages such as “change your password quickly” are usually a sign of phishing attacks, especially if they come from a legitimate company. Once again, do not respond to suspicious emails that ask for personal information or demand that you act quickly, even if they come from a legitimate source. Cybercriminals can send forged emails using fake email IDs or by hacking into email accounts, since they try to get your personal information and use any means necessary to get you to respond.

Most urgent emails easily lure victims into clicking on the embedded link. Below are examples of subject lines to be cautious of [3]:

  • Urgent Action Required
  • Your Account will be Deactivated
  • Change of Password Required Immediately
  • Password Check Required Immediately
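
The signs described in tips 2, 4 and 5 can be checked automatically as a first pass over a message. The Python code below is an added example, not part of the original article or of any Keepnet Labs product: it flags the subject lines listed above, plain-HTTP links, shortened links, and links whose visible text names a different site than the one they open. The shortener host list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject phrases from the list in this article, lower-cased.
URGENT = ("urgent action required", "your account will be deactivated",
          "change of password required immediately",
          "password check required immediately")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "goo.gl"}  # assumed list
# Constructed sample message (not a real email); hosts are placeholders.
SAMPLE = ("Subject: Urgent Action Required\nContent-Type: text/html\n\n"
          '<p><a href="http://bit.ly/constructed-example">Reset</a> or visit '
          '<a href="https://account.example.net/">www.example.com</a></p>')

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host_of(url):  # lower-cased host of a URL or bare domain, minus "www."
    host = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def phishing_signs(raw_email):
    msg = message_from_string(raw_email)
    subject = (msg["Subject"] or "").lower()
    signs = ["urgent subject"] if any(p in subject for p in URGENT) else []
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        target = host_of(href)
        if urlparse(href).scheme == "http":
            signs.append(f"plain HTTP link: {target}")
        if target in SHORTENERS:
            signs.append(f"shortened link: {target}")
        # Visible text that looks like a domain but names another site.
        shown = host_of(text) if "." in text.strip(".") and " " not in text else ""
        if shown and target != shown and not target.endswith("." + shown):
            signs.append(f"text shows {shown}, link goes to {target}")
    return signs
```

An empty result only means none of these particular signs were found; a message sent from a hacked legitimate account can pass every check here.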

6. Use Keepnet Labs Modules for phishing protection without any charge.

Phishing Simulation

The phishing simulator replicates many real-world threats, such as spear phishing, malicious macros and ransomware, with customizable campaign templates. Keepnet Labs’ dashboard provides insights into simulation statistics, actions, and schedules.

Security Awareness Training

Keepnet Labs recognizes the power of experience-driven, targeted and continuous training that effects behaviour change. You can use the free awareness educator to measure the effectiveness of existing cybersecurity awareness training with pre/post attack simulations.

Cyber Intelligence

The Cyber Intelligence module automatically searches leaked databases for possible sensitive data leakages, compromised access information, fraudulent domains, and implanted malware, and it generates alarms if any leak is detected.

Resources

[1] https://www.securitymagazine.com/articles/85601-of-successful-security-attacks-are-the-result-of-human-error

[2] https://www.avg.com/en/signal/website-safety

[3] https://www.polyu.edu.hk/its/general-information/newsletter/137-year-2017/oct-17/691-beware-of-phishing-emails-sent-by-polyu-users

 
