Phishing is becoming a massive problem. Scammers are getting more sophisticated at sending highly believable emails that fool people into parting with their login details, or simply take them to a page where key-logging software is downloaded to their computer.
The recent data breach at Morgan Chase Bank that seems to have affected over 70 million people was probably the result of a phishing attack on a bank employee’s home computer.
So how can you defend yourself against phishing attacks? It’s not easy but there are things you can do to help. Beware though – making yourself safe does take some effort and you are likely to have to alter your behaviour in order to meet these threats.
- Be suspicious. If something in an email or an advert is too good to be true then it generally is
- Just because an email says it is from someone, that doesn’t mean it really is from them; so if someone sends you a link and asks you to click on it, speak to them to assure yourself that you are not being phished
- Just because an advert appears on a reputable site, don’t assume it is safe. Increasingly, apparently genuine adverts that lead you to scams or unsavoury content are appearing on sites that you probably trust
- The address of a web page can be spoofed relatively easily in emails or advertisements. So check the URL: put your cursor over it and then see where it is really linking to by looking in the “tray” at the bottom of your screen. Is it the same as the address in the email? Ask yourself if you trust the address you see
- Even if you do trust the address, check it again! Is there a misspelling? A “q” might be substituted for a “g” or a lower case l for a capital I
- The safest thing is to train yourself to avoid clicking on links in emails or advertisements. I know that clicking on links is probably what you normally do, but it is risky. Instead type the URL of the company into your browser, or search for it
- Sometimes you see a long URL that you want to click on. Typing it all out is a pain and going to an organisation’s website and then searching for the page probably won’t work as you will never find the content you want. What are you going to do? It’s simple really. Copy the long part of the link that comes after the organisation’s name (the part that ends with “.com” or whatever). Then type the organisation’s address up to the .com into your browser. Now paste the part of the address you copied into your browser and click
- Alternatively, copy and paste the whole link into the search bar (not the address bar) in Google; you will get a drop-down with several options – click on the option that is marked “Google Search”. The list of search results you see should contain the web page that belongs to the URL (and possibly some sites that link to that web page) and (if you have a security package on your computer) you should see whether the link is safe to click on
- Sometimes, especially on social media like Twitter, you will be tempted to click on a shortened link like Bit.ly/xxx. Don’t: you have no idea where it leads! Instead use a URL expander like urlex.org to show you what it is linking to
- If you do click on a link and end up on a page that asks you to log in, don’t trust it. Kill the tab and open a new one. Then type in the URL of the site you want to log into and log in from there
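
The hover-and-compare, misspelling and shortened-link checks from the list above can also be run automatically over an HTML email. The script below is an added example, not part of the original article; the trusted domain `paygate.example`, the shortener list and the sample message are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paygate.example"}                   # hypothetical site you really use
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}  # small illustrative list
LOOKALIKE = str.maketrans("ql", "gi")           # q~g and l~I, the swaps named above

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Lower-cased host name of a URL, without a leading "www."
    name = (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def check_email(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host(href)  # where the link really goes
        if target in SHORTENERS:
            findings.append((href, "shortened link hides its destination"))
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host(shown.group()) != target:
            findings.append((href, "text shows a different site"))
        for good in TRUSTED:
            if target != good and target.translate(LOOKALIKE) == good.translate(LOOKALIKE):
                findings.append((href, "lookalike of " + good))
    return findings

# Constructed sample email body, not taken from a real message
SAMPLE = """<a href="http://payqate.example/login">https://paygate.example/login</a>
<a href="https://bit.ly/xxx">Special offer</a>
<a href="https://paygate.example/help">Help centre</a>"""
```

Calling `check_email(SAMPLE)` flags the first link twice (its text names a different site, and its real host is a q-for-g lookalike) and the second as a shortened link; the third link passes.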