What is phishing and why should you avoid it?
Not to be confused with fishing, where you attempt to ‘lure’ a fish into your boat, ‘phishing’ is a hacker’s attempt to trick you into giving them identifiable information, such as your name, credit card information, or social security number, in order to ultimately steal money, identity, or other property. The information is typically obtained through coercion such as through email, texting, or other forms of electronic communication, by posing falsely as a representative of a company or by providing a false link in an email or website that hijacks your personal information while it seems like you are on the intended website. According to definefinancial.com, there were 1,387,615 cases of identity theft in the US, an increase of 53%. This is expected to increase dramatically in 2021.
Ways to avoid phishing
Phishing scams come in many forms, including fraudulent emails, phone calls, texts, and phishing websites. The goal of a phishing scam is to steal your authentication credentials in order to move further.
Take the following precautions to avoid phishing:
- Train yourself on how phishing attacks work
- Avoid suspicious calls
- Use safe browsing practices
- Use contact info not available online
- Avoid downloading software without verifying it
The best defense against being a victim of phishing is to avoid it in the first place.
Training yourself to identify a phishing attack
The best course of action is a simple rule of thumb: before you click on a link or respond in a comment, ask yourself, “Did I ask for this information?” If the answer is yes, then be suspicious of it; if the answer is no, then be very, very suspicious of the request. Emails are probably the worst: unsolicited emails are written to get you to click on a link to take an action, and the result is that you have unknowingly downloaded malware to your browser. The second worst is social media with the ‘click LIKE if you agree’ posts. Usually it is a meme that maybe has a puppy: “Click LIKE if you think puppies are awesome!!” You click, and now your name is in a group of people who will receive an ad about dog treats. Or worse, a post that says “What was your first concert?” or “What street did you grow up on?” At some point, you have to notice a parallel between these unsolicited memes and the security questions from your bank. It’s all designed to chip away at your private and personal information.
Avoid Suspicious Calls
Probably the most noticeable form of phishing, and literally the originating means of the term (“Phone” + “Fishing” = “Phishing”), is receiving calls meant to gather information about you to use against you at a later time or to scam you right away. I have a simple rule: “I call you, you don’t call me” before I give any information over the phone. If it’s your bank, tell them you will call them back and look up the number.
Using Safe Browsing Practices
As mentioned before, always be skeptical of any link. Hover your mouse over the link, and at the bottom left of almost every browser you will see the full URL as opposed to what is written. Make sure the URL is legitimate before clicking it. If it is store.amazon.com.scammysite.com?xxxxxz/lsdkfj, the root URL is scammysite.com, not amazon. It’s built that way to fool you. Always look just to the left of the first ‘?’ or ‘/’ (or at the very end, if there is neither) to see what the last part of the URL is and determine whether it is fake. If unsure, open a browser in incognito mode and verify the link further. A free link checker is available from e.veritas: <CLICK HERE>. You checked that first, right?
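The "root URL" check described above can be automated. The following is an added example, not part of the original article: the function names and sample links are constructed, and the short list of two-part suffixes is an assumption standing in for the full Public Suffix List. It goes slightly beyond the text by also covering the `user@host` form of the same trick.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed sample of multi-label public suffixes.
# A real checker should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url: str) -> str:
    """Return the domain that actually controls the host in a link."""
    if "://" not in url:
        url = "http://" + url  # bare links as pasted from an email
    # .hostname ends at the first '/', '?' or '#', and drops any
    # "user@" prefix and ":port" suffix.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known public suffix.
    two_part = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    keep = 3 if two_part and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def link_matches(url: str, expected_domain: str) -> bool:
    """True only if the link's registrable domain is the one you expect."""
    return registrable_domain(url) == expected_domain.lower()


# Constructed sample links; the first is the example from the text above.
SAMPLES = [
    "store.amazon.com.scammysite.com?xxxxxz/lsdkfj",
    "https://store.amazon.com/orders?id=1",
    "https://amazon.com@scammysite.com/login",
    "https://amazon.com.scammysite.co.uk/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "ok" if link_matches(link, "amazon.com") else "NOT amazon.com"
        print(f"{registrable_domain(link):18} {verdict:15} {link}")
```

Only the second sample link passes; the other three resolve to the scammysite domain even though "amazon.com" appears in the text of the link.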
Use contact info not found online
This is really an old method and kind of a counter-hack. I started doing this in the pre-online days: if I had to fill out a form that I was suspicious of, I would add Jr. to the end of my name or an additional initial that wasn’t correct. If I received mail for Dr. Michael, then I knew the mail was definitely a scam, as my contact info was passed around. The same principle applies online: have an email that you use, and have another you use for everything else. If it’s legit, you can always change it to your good email address.
Avoid downloading attachments or software from unknown sources
This likely should go without saying: always verify the source before you download anything. If you are an older person who has been around a while, you know this was the primary way to spread a computer virus, so you are likely cautious. If you have teenagers in your house, you have likely, like me, segmented your router so their network is separate from your network, because they get enticed by this one constantly. A pound of prevention goes a long way, so make sure you have anti-virus software and that it is up to date on every computer in your network. If it’s your own household, schedule time on your calendar to do computer checkups.
Dealing with a phishing attack
If you know you have been a victim of phishing, then there are a number of steps you must take. Change your passwords, and update your anti-virus and malware protection. If your computer has been compromised, restore it from a backup and then run all relevant updates to get it secured… then change all your passwords. Prevention is far easier; as Henry de Bracton once stated, “An ounce of prevention is worth a pound of cure.” So update that software and don’t click that stupid link.