Protecting Against a Phishing Attack
 


Quite simply, “phishing” is a tactic used by cybercriminals to collect sensitive information from unsuspecting users. Deceptive emails, texts and instant messaging alerts are sent to potential victims encouraging them to share their confidential data. As a report from the Anti-Phishing Working Group (APWG) revealed, there has been a notable rise in the number of phishing attacks. It’s a widespread problem that poses a huge risk to individuals and organizations. The best defense is awareness and knowing what to look for. These tips can help in protecting against a phishing attack:

1. Be sensible.

You can significantly reduce the chance of becoming a victim of a phishing attack by being sensible and smart when browsing online and checking emails. Never click on links, download files, or open attachments in emails (or on social media) unless you are absolutely sure that they are authentic. When in doubt, open a new browser window and type the URL into the address bar. Also, be wary of emails asking for confidential information, particularly personal details or banking information. Legitimate organizations, especially your bank, will never request sensitive information via email.

2. Beware of shortened links.

Pay particular attention to shortened links, especially on social media. Cybercriminals often use these to trick you into thinking you are clicking a legitimate link, when in fact you’re being directed to a fake site. Cybercriminals may use these fake sites to steal personal information that you enter or to carry out a drive-by download attack, thus infecting your device with malware.

3. If that email looks suspicious, read it again.

Typos and bad grammar are major red flags. If an email message has obvious spelling or grammatical errors, it could be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate to evade filters that can block these attacks. Impersonal greetings such as ‘Dear Customer’ or ‘Dear Sir/Madam’ are also a clue. An organization that does business with you will know and use your actual name.  

4. Beware of threats or urgent deadlines.

There are instances when a reputable company does need you to do something urgently. For example, in 2014, eBay asked customers to change their passwords quickly after its data breach; however, this is an exception to the rule. Creating a false sense of urgency is a common trick of phishing attacks. Typically, threats and urgency, especially if coming from what claims to be a legitimate company, are signs of phishing. Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you must act now to claim a reward or avoid a penalty.  

5. Use HTTPS when browsing.

Whenever possible, use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, especially when submitting sensitive information online, such as credit card details. Keep in mind that HTTPS only encrypts the connection; it does not by itself prove that a site is legitimate. Never use public, unsecured Wi-Fi for banking, shopping, or entering personal information online.

If you think that you may have inadvertently fallen for a phishing attack, there are a few things you should do:
  • Report the message.
  • Delete the message.
  • While it's fresh in your mind, write down as many details of the attack as you can recall. Try to note any information such as usernames, account numbers, or passwords you may have shared.
  • Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. Create unique passwords for each account.
  • If you've lost money, or been the victim of identity theft, report it to local law enforcement.

If you suspect that you've been the victim of a phishing attack, we can help. Contact us.