In this article, we’ll be going over the top seven ways to protect yourself and your business from email phishing attempts. But first, what is phishing?
Phishing Defined
Although it may sound like a recreational sport, phishing is not a virtuous practice. It is, instead, the deceitful and illegal practice of trying to obtain personal information by way of fraudulent emails.
Most of the time, phishing emails purport to be from a legitimate business, like a store, bank, or online service. Frequently, these are establishments where you actually hold an account, so receiving them may, at first, seem reasonable. It’s when you look at the details of such emails that things become troublesome.
The goal of phishing emails is to appear legitimate while luring personal information, like the following, out of you:
- Login information (usernames and/or passwords)
- Social security number
- Credit card or financial information
- Date of birth
- And other (usually financially related) information
If you end up giving the fraudsters this data, their ultimate goal is to use it to hack into your life in some way — often by getting access to your bank accounts, credit cards, and more.
If you’re concerned about phishing, here are seven tips for catching fraudulent emails and staying away from phishing attempts altogether.
1. Don’t send personal information.
Be on the lookout for emails that ask for your personal information. Whether you hold an account with the purported sender or not, nearly all establishments avoid asking for personal information by email.
Therefore, if you get an email like this, it’s likely a scam. This is especially true if the email specifies that the issue is urgent and if you don’t send the information right away, your account will be cancelled or other repercussions will ensue.
2. Try hovering over links and/or buttons.
If you receive an email that contains a web address or link, there’s a way to check whether the address is legitimate. To do this, hover your mouse over the link (or button). A small box should appear showing the web address the link leads to. If the link is legitimate, this will be the actual establishment’s website. If it looks unusually long or has a different name, do not click the link.
3. Always type web addresses in directly.
As a rule, never use links directly from emails. If you receive an email from your bank stating that you need to update personal information, this may worry you. So, to double-check, type your bank’s actual website into the search bar and see if they still ask you for this information when you log in from there.
4. Only use secure websites.
There are ways to check that a website is secure. You’ll know when these two key features are present:
- “https” will be present at the start of the web address
- There will be a security lock icon (usually to the left of the web address)
5. Double check the security certificate by double-clicking the security lock icon.
By double-clicking the lock icon, you’ll be able to see the security certificate for the website. If, when you click the lock, you receive a warning message or there is no certificate available, stay away from that website.
6. Avoid using public WiFi.
At all costs, avoid using public WiFi, especially when banking, shopping, and entering personal information. It’s always better to use your phone’s cellular connection.
7. Watch for “personalization” … with one caveat.
It’s always a better sign if emails use your actual name instead of “user” or “sir or madame,” but also keep in mind that even phishing emails can be crafty enough to know your actual name. In the end, if you receive an email addressed to your name, that’s not enough to signify that the email is legitimate. Look for other factors too.
Remember to always … be cautious and suspicious!