Phishing has become one of the most widely practiced evils on today's internet. Today I want to give you and me tips for fighting phishing. Let me begin by defining phishing. Phishing is the practice of sending messages to people while pretending to be from a reputable organization, to obtain personal information for misuse.
What information does the attacker often seek to obtain while phishing?
The attacker’s aim is to obtain information like passwords, usernames, ATM card details, company documents, the victim’s location, and a lot more. After obtaining this information, the attacker puts it to use, for example by hacking an account and causing damage, probably rendering it useless. He may also damage the company’s reputation by sending damaging emails to partners. There are instances whereby the attacker traces the victim for more dangerous action such as murder.
What I have mentioned above is just a little of what an attacker can do; there’s a lot more. This is the main reason why you have to be vigilant.
What are the different types of phishing?
Watch out for my next article on the different types of phishing. I would love to give a brief list right here just to keep your mind ready to discover the well-explained types of phishing.
- Whaling
- Deceptive phishing
- Spear Phishing
- Vishing
- Pharming
- Smishing
Let’s take a look at different ways of fighting phishing
Avoid clicking links you are not sure of. Instead of clicking on the link, just hover your mouse over it. Once you do this, you will be able to see the exact address you are being led to and compare it with what the message claims. After verifying, simply copy and paste the link into a safe browser to analyze. Attackers often lure you into clicking links incorporated in their malicious emails. Through this, they can make you enter your information on fake forms that appear to be from legitimate websites.
Throw the email away if you are not sure of it. One of the rules in fighting phishing is disposing of anything suspicious. You may be asking questions about this, but it protects you from harm caused by phishing attempts like spoofing. There are instances when an attacker uses legitimate information to lead you to a false website. This includes creating emails with a mixture of both malicious and benign code to deceive you into clicking a link.
Look out for the signs of a phishing email and take action. Many signs will show that it is a phishing email. The list below will help you identify one:
- Poor grammar
- Disguised links
- Overwhelming offers
- Requests for personal information
- Unfamiliar greeting tones
- Sense of urgency
- Suspicious attachments
When fighting phishing, verify the domain from which the email originates. Most attackers will use a fake domain to lure you into falling prey to what they want to do with you. They may send you an email with the domain extension .com instead of .org. Let’s say the attacker is pretending to be from UNHCR; his deceptive email will be james@unhcr.com instead of james@unhcr.org. Always check search engine results to verify if the domain is truly legit.
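The domain check above can be written as a small script that compares the sender's domain with a list of domains you have already verified. This is an added example, not part of the original article; the trusted list, the function names and the sample headers are assumptions, built around the UNHCR addresses used in the paragraph.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: domains you have confirmed yourself through a trusted channel.
TRUSTED_DOMAINS = {"unhcr.org"}

def sender_domain(from_header):
    """Return the lowercased domain of the address in a From: header."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Classify the sender's domain as 'trusted', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        good_name = good.split(".")[0]
        for label in domain.split("."):
            # Same name under another extension (unhcr.com), the trusted name
            # buried in a longer domain, or a near-identical spelling (unhcrr).
            if SequenceMatcher(None, label, good_name).ratio() >= 0.8:
                return "lookalike"
    return "unknown"

# Constructed From: headers for illustration.
SAMPLES = [
    "James <james@unhcr.org>",
    "James <james@unhcr.com>",
    "UNHCR <info@unhcr.org.account-verify.test>",
    "News <news@example.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):9}  {header}")
```

A "trusted" result only means the domain text matches your list; the From: line itself can be forged, so the other warning signs in this article still apply.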
Do not scan suspicious QR codes. Attackers have discovered the practice of hiding links behind QR codes to lure you into handing in your information. Do not scan a QR code that is suspicious. You should stay safe by missing out on those attractive offers given by fraudulent companies that want to steal your information.
Use phishing tests to get familiar with phishing. Phishing tests such as the Jigsaw or Shira app phishing test will help you get familiar with how to identify phishing attempts in all apps. Click on the link to take a phishing test with the Shira app https://shira.app/ or take the Jigsaw phishing test https://phishingquiz.withgoogle.com/
Avoid subscribing to services you are not sure of. Subscriptions give way to companies sending us fraudulent emails. If you are not sure of the service and the safety involved in acquiring the service, please do not subscribe to it.
Stop sharing pictures of your documents in public. Whereas there are situations that make us share documents in public, we must avoid those situations by all means. Imagine your phone number being listed in your social media account and you being prone to phishing messages. I understand that sometimes it is because we want to carry out business, but why don’t we get dedicated business numbers? Sharing your number in public completely exposes you to scammers. Some apps make provision for us to share our curricula vitae, but this is unsafe because a curriculum vitae exposes your entire life, including your email, which is a gateway to phishing attacks.
Don’t click on that pop-up you are not sure of. Pop-ups contain links to malicious sites, and those links lure you to hand in your personal information or even download viruses onto your device.
Install anti-spam protection. If your email has a spam filter, at least we can be sure that all emails suspected to be dangerous will be filtered and placed in the spam folder.
Do not download suspicious attachments. If you are not sure of the attachment, or even the email that it came with, then you shouldn’t think of downloading it. If you have a dedicated computer for investigation, then you should download it using that machine to avoid falling victim to malware.
Log out of all email accounts at public computer centers and also delete possible login histories. Attackers will make use of emails that are open or even use login histories to send us malicious emails. Before exiting a public computer center, ensure you log out of all emails. In scenarios where there is a power blackout, use your mobile device to log out of all devices as follows:
- Log in to your Gmail account and scroll to the bottom
- In the lower right corner, select Details
- You will see a list of places where your account has been logged into. The devices have corresponding IP addresses.
- Click visit security check-up
- This will show all the devices you logged into. Beneath the device name, click Remove
Stop clicking on email images without verifying the source links. These images have hidden links behind them that could be malicious.
Block emails that contain tracking pixels. Tracking pixels assist the sender in monitoring your account activity and viewing everything that you do, including your IP address. You can block these emails using browser extensions like Ugly Email. Once you have installed this extension, you will see an eye near the subject of every email that contains tracking pixels.
Download apps from legitimate sources. Attackers love using fake apps to spread malware through pop-ups. You should download apps from legit stores like Play Store and Microsoft Store. But even as you download these apps, you must be careful in order not to download bugs.
Install an antivirus on your device. Antiviruses like Kaspersky often block suspicious pop-ups that display when you visit sites. Install such an antivirus so that you are protected full-time.
How to install Kaspersky anti-virus as a way of fighting phishing
I could list hundreds of techniques here but I will just list down additional links that will help you get additional ways of preventing phishing attacks
- https://www.lepide.com/blog/10-ways-to-prevent-phishing-attacks/
- https://www.cloudflare.com/en-gb/learning/email-security/how-to-prevent-phishing/
- https://www.kaspersky.com/resource-center/preemptive-safety/phishing-prevention-tips
- https://www.phishing.org/10-ways-to-avoid-phishing-scams