Phishing 101: What You Should Know
As technology progresses, phishing and hacking attempts are ever growing. Getting caught by a Phisher-man can happen to anyone who has access to technology, especially those that do not know the proper signs and precautions.
In an increasing world of technology, online theft, fraud, phishing, and hacking are all a matter of concern. Every year, millions of people, families and even organisations fall victim to these scams. Furthermore, the statistics on this criminal activity soars at an alarming rate. Here are some quick facts about phishing and hacking.
- The United States has the most successful phishing attacks at about 74%.
- In the first half of 2020, there were 540 reports of data breaching in the USA.
- In 2023 alone, it is predicted that cybercriminals will steal 33 billion records.
- Americans lose 15 billion dollars annually due to identity theft.
Having your data and personal information stolen, or even worse, being a victim of full identity theft can be scary, confusing, and life changing.
Despite the scary statistics, there are ways to protect yourself from the phishing and hacking attempts of vicious cybercriminals.
What is Phishing?
Phishing pronounced ‘fishing,’ is a type of cybercrime that uses deceptive means such as emails, phone calls, text messages, and websites to steal personal identifiable information (PII). In successful phishing schemes, victims are lured into giving out personal details such as address, account details, social security number, and more.
Most successful phishing attempts happens because the sources are disguised as reputable and genuine companies, making unsuspecting individuals take fraudulent baits. These actions can take on different forms such as filling out a form, updating a password, clicking a link, or downloading a file/attachment.
How Phishing Works
The primary medium of phishing is email. Here, you receive an email from a source that you may recognize and appears reputable. For example, a financial institution, government agency, or regulatory bodies; or they may use a logo/name that looks or reads similar, further confusing their prey.
You may be asked to update certain information or provide information for the purpose of verification (your mother’s maiden name, bank details, etc.). If you provide such information, you may find yourself a victim of identity theft.
If you know the signs and take the proper precautions, you can likely avoid being a victim yourself.
Identifying Phishing Schemes
Although the idea of combating cybercrime may seem daunting and out of your wheelhouse, it is possible to at least protect yourself against it. Phishing schemes have existed for decades and will continue to exist, so it is essential for you to identify and recognize a potential attack.
- Avoid announcements or attention-grabbing headlines that are too good to be true. For example, some phishing schemes may send emails or messages announcing you as the winner of a lavish prize in a competition you never entered.
- Beware of messages with a dire sense of urgency and desperation. This is often a trick to confuse and destabilize their prey, so you surrender your details quickly and without thinking.
- Be careful with clicking links, as most links may seem reputable some are not. Instead of clicking on the link, hover over it and check for spelling errors or anything that looks strange.
- Do not open any attachments you do not recognize as they may contain embedded viruses. The only file that is always safe to click on is a .txt file.
- Also, do not open any email, file, or website from a sender you do not know or are suspicious about.
How to Protect Yourself
The internet is full of thieves trying to steal your information and commit further crimes. It is paramount that you protect and arm yourself with the right technology and tools to ensure that you are not a victim of cybercrime.
As a user of the internet and its services it is essential to stay informed and alert about the different phishing threats. This will enable you to stay abreast of how best to secure your devices. Get the necessary tools and information for you and your family to reduce the risks of further threats.
Also, as phishing and hacking trends are evolving, stay up to date with the latest technological news. This way, you will be equipped to recognize the key identifiers of an attack.
Use Multi-Factor Authentication
Multi-Factor Authentication (MFA) protects you from hacking and phishing by adding an extra layer of security before anyone can access your data.
Sometimes referred to as two-step verification, it is a security measure that requires users to provide two verification methods such as a password (the first factor) and a security token or biometric (second factor).
Two-factor authentication reinforces your cybersecurity making it harder for hackers and attackers to gain access to your information. This is because even if the individual’s password has been hacked, a password alone is not enough to pass the verification.
Regularly Check your Online Accounts
In an age streaming services, gaming, and online shopping, there are numerous applications and accounts open to an individual. From fitness and lifestyle to banking applications. However, one way to avoid phishing and hacking is to regularly check your accounts and be familiar with the various interfaces.
If you do not visit your account regularly, someone could have the chance to tamper with it. Check your account activities, number of sessions, be aware of your bank statements, and check entries to ensure that no fraudulent activity is ongoing.
Treat Lightly When Providing Personal Information
PII and other data considered sensitive and sacred. Do not give up personal information on unsecure sites, in suspicious emails, or over phone calls. Most reputable sources will never ask for PII or Financial details via email or phone call. This means if you get sent a link directly to a form asking for these details, they are likely phishing for easy targets. Additionally, unless you are a security guru, most emails are not encrypted, which means phishers and hackers can easily access your unprotected information if the proper link is clicked, file downloaded, or information is provided.
Think Before you Click
Let’s be honest, those bright blue/colored links are tempting, fast, easy, and quick. However, they can also be the surest path to ensure that your account is hacked, and your details stolen. If you are on a trusted and familiar site or email, it is okay to click a link. However, clicking on random links on open forums or suspicious domains is not advisable.
A phishing email may claim to be from a legitimate company to get you to click on a link. If you are unsure or have doubts, go to the source or contact the customer support services.
Another surefire and easy way to see if you are being scammed is by using the 'Hover Method'. The hover method consists of simply hovering over the link you may be suspicious about. When hovering over the link look for these signs:
- Is the domain spelled right.
- Does the domain lead to the root URL (some scammers will use URL's like amazon-notify.com)
- Does the URL match the senders email (ex. from Target is could be firstname.lastname@example.org - so the root link should match target.com)
Only Use Secure Sites
Before supplying sensitive information online, ensure that you are using a secure website. There are some key signs to identifying a secure website:
- Ensure the site’s URL begins with “https”
- There should be a closed lock icon near the address bar signaling the presence of an SSL certificate.
- Never download or release information from a site if you get a prompt by your browser that a site contains malware or viruses
Norton offers it's own Safe Search Browser, similarly outlined like Google. For it's customers, Norton offers a Safe Web browser extension. Whichever item you use, Norton has tailored their software to help visually show when a site has been tagged as safe or unsafe. If the site has passed Norton's muster you will see a Green Checkmark, if it is suspicious you will see an Orange Exclamation Mark, If it hasn't been tested you will see a Gray Question Mark, and if the site has been diagnosed as vicious there will be a red X.
Keep your technology up to date
One of the best ways to avoid internet fraud is to keep your technology up to date, including your browser. It is crucial to keep your browser up to date, do not ignore messages about updating your gear. The browser updates are released in response to the security loopholes that phishing experts try to exploit.
Use Security Software
Security software such as anti-phishing or using firewalls can help prevent cybercrime and keep you safe on the internet. High quality firewalls serve as buffers between you, your computer, and intruders who might steal your information.
It is important to use two types of firewall: a desktop firewall and a network firewall. These two options drastically reduce your vulnerability.
What To Do If You Become A Victim
Becoming a victim of phishing and hacking can be confusing and scary. If you fall victim, there are some steps recommended to help you take back control.
Contact Your Financial Institution Right Away
Once you become a victim of cybercrime, the first thing to do is contact your financial institution right away, informing them of your situation. Most financial institutions already have predetermined steps and protocols to curb the aftermath of these attacks.
Informing them on time means they can quickly respond to mitigate your loss. They can also possibly gain vital information about the source of the attack and hand the info over to law enforcement agencies.
Contact the Major Credit Bureaus
If you have disclosed sensitive information in a phishing attack, it is necessary to contact one of the three major credit bureaus. They will know what to do to help you. They will recommend some basic measures like pausing all your credit cards, set up a use alert if anyone tries to use your SSN on a form, etc. This will prevent thieves from causing further damage.
Report the Scam
If you fall victim to cybercrime and theft, make sure you report the scam. You will want to report it to your local police, the site that got impersonated, credit bureaus, your security provider, etc. It might not be possible to get everything back, but you may be able to stop further damage and prevent it from happening again.
Update your Security Software
Always ensure that your security software is updated to the latest version. Updating your software regularly means you are less liable to be exposed and vulnerable to internet fraud. If you don’t want to keep up on current online threats, your security software definitely will.
Run a Scan
Running a scan is another way to protect yourself if you fall victim to hackers and phishing. If you are unsure of how to do this, go to a reputable professional to have your device fully scanned. Alternatively, if you have antivirus software installed you can easily run a scan through their dashboard. This will give your PC a chance to find and remove further malware and viruses that could be flying under the radar.
Ultimately, phishing is as old as technology itself and will continue to exist and evolve. However, there are steps to take so you do not fall victim of theft or fraud. Keeping up with current trends, knowing the signs, avoiding sketchy sites and links, not submitting any PII and keeping your security up-to-date are all viable ways to help protecting your personal information and money.