Phishing is one of the oldest scams in the books, and with a success rate of 30%, no matter how well prepared you are and how many anti-malware software you have installed, it is you who will be the main culprit if you fall for this, putting your data security at risk.
Like its name suggests, it works like fishing. Scammers will send invitations for users to log into mimics of real websites, saving their sensitive information, including their bank information, and stealing whatever they can, most of the time without the victim even knowing, making it one of the worst threats for users.
But this doesn't just affect individuals. According to Wombat Security in their State of Phishing Report, 85 percent of organizations have suffered phishing attacks, and this number keeps increasing year after year and increasing the costs of computer security.
This is why we’ve compiled a list of 7 steps to avoid being a victim and keeping your most valuable information safe.
Emails will never ask for information
They all warn about this but people still click on links in e-mails. To prevent this exact issue, companies and banks have stopped asking people to click on buttons or links in their e-mails and to manually type the URL instead.
While this becomes a hassle for users, it is done to reduce the risk of people clicking on suspicious links in e-mails thinking they are real.
Check all details
Phishers will try to convince you they are real, and because of this, they will mimic every single aspect of a legit institution or person in the e-mail, including name, address, font, template and sometimes they will even personalize the e-mail with your name.
Check every part of the e-mails you receive to determine if it is legit. Maybe instead of Ronald@McDonald.com the e-mail is @McDonald2.com, or if you hover the hyperlink you’ll see in the preview that while the domain is the same, the index is wrong and it should be avoided.
It is called Secure for a reason
Let’s imagine someone managed to hide all the previous points and you’ve clicked the link. There is another barrier that you can use to be sure if it is fake or real, checking its security before it is too late.
If a page is legitimate, it will be recognized as safe and it will display a green lock next to the name, the name of the certification and the URL will start with a “https://”. The S stands for secure.
Improve your security
Having an antivirus or anti-malware software won’t protect you from these sites, since there’s no download or virus involved, you’re basically giving away your information for free, but it doesn’t mean you can’t be prepared.
Multiple security softwares now offer website evaluation services that will rank and score links depending on how secure they are. If you click on a link that is mimicking another one, a warning will be displayed before you enter.
This will even work with Google, showing the scores next to every single result.
Social Media is also a channel for scams
While e-mails are the usual way for scams to proliferate, Social Media such as Facebook or Twitter is a current implementation of phishing techniques.
Scammers are using fake links to trick people into clicking on them and then redirecting them to a fake login site, giving the impression that the user logged out and must log in again, stealing your password and account.
This way scammers can steal your personal information, your account and start spamming the links to your contacts, making it a hassle for you and your friends and family.
Check your account regularly
One of the most dangerous things about phishing is that you usually don’t realize you were a victim until it is too late.
Never leave an account unattended. Even if it is your iTunes account you rarely log into, maybe it was taken over a couple months ago, and someone is waiting for you to leave your credit card information, or worse, they’ve gotten access to your bank account and are stealing small amounts so you don’t notice right away.
Don’t repeat passwords
We know remembering more than two passwords is tiresome. Sometimes I have problems remembering one. But just using one account and password for all your services makes life easier for scammers.
If you only use one, being a victim just once will grant access to more than one service, and they will start digging for information in every single one of them, leaving a trace of locked accounts, spammed friends or even using some accounts for illegal activities like money laundering.
Phishing is a serious issue, and it’s up to you to be safe. Don’t fall victim of such a simple scam method and always pay attention.