Understanding phishing: The bait that bites
Overcoming phishing attacks involves awareness and training.
People should be able to identify and resist phishing just as they would avoid pickpockets.
—Bruce Schneier
Understanding phishing: The bait that bites
We’ve explored this topic before but phishing is so widespread and scammers are constantly finding new and even more devious ways to lure you in that we figured it was time for a reminder and an update.
Phishing is a deceptive attempt by scammers to steal your personal information, such as passwords, credit card numbers, and (for those of you overseas) social security numbers. The scammer acts like a trustworthy entity in electronic communications, usually a bank or some other service you regular use. Typically the scammers phishing emails look like they come from these legitimate sources, such as a bank asking you to do something familiar or a courier service asking you to collect a parcel.However, the devil is in the details, and these emails often have subtle giveaways that can alert you to their true nature. Recognizing these can be the difference between safe surfing and a cyber catastrophe.
The telltale signs of phishing
The first step in avoiding phishing is to recognize common signs. Phishing emails often create a sense of urgency, pressuring you to act quickly. Look out for alarmist language like "urgent action required" or "your account will be closed." They may contain suspicious attachments or links to fake websites that mimic real ones. Another red flag is poor spelling and grammar, which are not typical in official correspondence. Additionally, the sender's email address may look odd with slight, easy-to-miss abnormalities.
Verification: Don't take the bait
When an email asks you for personal information, it's a moment to pause and verify. Legitimate companies do not request sensitive information via email. If you're unsure whether an email is legitimate, do not click on any links or download attachments. Instead, contact the company directly using a phone number or website address you know is genuine. This direct line of inquiry can quickly reveal a phishing scam's hook before you're reeled in.
Safe clicking: Identifying and avoiding traps
Not all links are created equal. Hovering over a link in an email will show you the actual URL where it will take you. If the URL looks suspicious or doesn't match the supposed destination, steer clear. It's better to manually type the website address into your browser than to risk clicking on a potentially dangerous link. Moreover, keep your computer's antivirus software up to date to provide an additional safety net against phishing attempts.
When you've caught a phish: Immediate actions
If you've accidentally clicked on a phishing link, take immediate action. Disconnect your device from the internet to prevent the spread of potential malware and viruses. Change your passwords from another device, and monitor your accounts for any unusual activity. It's also a good idea to report the phishing attempt to the appropriate authorities, such as the Anti-Phishing Working Group ([email protected]) or the company that was impersonated, such as your bank.
Educating others: Spread the word, not the phishing
Phishing thrives on the unprepared, so educate yourself and others. Share your knowledge about phishing with friends and family, especially those who may not be as tech-savvy as you. The more people know about these deceptive practices, the less successful phishers will be. Encourage others to practise scepticism with unsolicited emails (emails they didn’t ask for) and to prioritise cybersecurity in their daily digital lives.