What Is Phishing And How To Protect Yourself
Hopefully you’re coming across this blog post as someone looking to learn more about “phishing” rather than actually as a victim. Phishing is a popular and quickly increasing malicious online activity that is claiming hundreds of victims daily. So what the heck is phishing? According to Wikipedia:
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
To elaborate further, thousands of emails are maliciously sent on a daily basis from what seem like legitimate sources such as your bank, PayPal, Google, Apple and other popular companies. The hope is that you will fall for the bait and submit your user details into the wrong hands. Quite often, the perpetrators design an email and even a login page to look exactly like your bank’s or PayPal’s, but the user details, once submitted, are stored in a database for the perpetrators’ use.
Some phishing attempts have an immediate impact, such as the perpetrator:
- Logging in to PayPal to transfer your funds to their bank account.
- Changing passwords to your email account in exchange for a ransom payment.
- Creating an invoice from a popular vendor like GoDaddy, a retailer or credit card company for you to make a payment.
Other phishing attempts can go undetected for weeks or even months. In this scenario, the perpetrator hopes to gain access to your emails, account details and other information so that they can look around and find a gold nugget like a stored credit card, login details and other information they can use elsewhere. In fact, most social media “hacks” happen very inconspicuously. We had a client receive a phishing email that seemed to be from Facebook. The email asked the user to update their privacy settings and it wasn’t until the following week that the compromise happened. The perpetrator logged in to their account, messaged all the client’s friends that she was stuck out of the country with no funds and asked to have money wired as quickly as possible to help her out.
How can you protect yourself from phishing?
It’s actually quite simple and just takes a change in perspective when you receive emails. Take a look at the email below that I recently received from “Royal Bank”. The email asks me to click on a link that you would assume leads to Royal Bank’s website, www.royalbank.ca, but when you rest your mouse over the link, you see that the source link – the address you will actually go to – is completely different. The page behind this link will most likely look like Royal Bank’s login page, and once you submit your bank card and password, the perpetrator has full access to your bank account.
Take the time to check links!
As a precaution and a best practice, you should never click on any links you receive in emails – EVER! To rule out the email as malicious, rest your mouse over the link to reveal the “real” link you will be accessing or close and delete the email, go to your browser and manually enter the website address of the site in question. If it’s an urgent or serious issue, the odds are you will see a notification right away when you log in to the “real” website. If in doubt, call the company to get an update on the issue.
Use security software as an extra line of defense
Most comprehensive internet security software is well equipped to detect and eliminate potentially harmful phishing emails, and includes other security features such as spyware and virus protection. At OMIS.ca, we’ve been using ESET’s Internet Security for well over a decade and are extremely happy with the level of protection we receive. Quite often we’ll receive emails that will right away be zapped by ESET – without worrying about it. What’s great about ESET is that it’s not really a piece of software but rather a subscription. ESET frequently sends updates or “signatures” with revised filters to further protect you. This is critical as the world of hacking, phishing and viruses is always changing.
As a summary:
- Never click on links in emails to sites that ask for a login or credit card and/or user details. In fact, most companies heavily promote that they will never ask for that information via email.
- Rest your mouse over any links to cross-reference and double-check the validity of the link.
- Manually enter the website address into your browser to get a status of your accounts.
- Ensure you are well protected by internet security software like ESET Internet Security.