Phishing prevention has become essential as more criminals turn to online scams to steal your personal information. We’ve learned to dodge spam emails, but phishing emails can look deceptively credible, and some are personalized specifically for you. Scams are nothing new on the web, but phishing is harder to spot than you might think, and since you will almost certainly be exposed to a phishing attack eventually, you need to know the red flags.
Across the web, phishing attacks have baited unsuspecting victims into handing over bank info, social security numbers, and more. Plus, cybercriminals have become even savvier with their disguises. Sometimes these scams hide behind voices you know and trust, like your coworkers, your bank, or even your government. If you so much as click a link, you could be the scammer’s next victim.
As we dive into how to prevent phishing, we’ll answer some important questions:
Phishing persuades you to take an action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organization you trust, they can more easily infect you with malware or steal your credit card information.
In other words, these social engineering schemes “bait” you with trust to get your valuable information. This could be anything from a social media login, to your entire identity via your social security number.
These schemes may urge you to open an attachment, follow a link, fill out a form, or reply with personal information. Being on guard at all times is exhausting, which is exactly what the attacker is counting on.
The most common scenario is as follows:
These threats can get very elaborate and show up in all types of communication, even phone calls. The danger of phishing is that it can deceive anyone who isn’t skeptical of the smaller details.
To help you guard yourself without becoming paranoid, let’s unpack how phishing attacks work.
Anyone who uses the internet or phones can be a target for phishing scammers.
Phishing scams normally try to:
Sometimes these threats don’t stop with just you. If a hacker gets into your email, contact list, or social media, they can spam people you know with phishing messages seemingly from you.
Trust and urgency are what make phishing so deceptive and dangerous. If the criminal can convince you to trust them and to act before thinking, you’re an easy target.
Phishing can affect anyone of any age, whether in their personal life or in the workplace.
Everyone from the elderly to young children is using internet devices nowadays. If a scammer can find your contact information publicly, they can add it to their phishing target list.
Your phone number, email address, online messaging IDs, and social media accounts are harder to hide nowadays. So, there’s a good chance that just having one of these makes you a target. Plus, phishing attacks can be broad or highly targeted in the people they choose to trick.
Spam phishing is a broad net being thrown to catch any unsuspecting person. Most phishing attacks fall into this category.
To explain, spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox. However, spam is more than just annoying. It can be dangerous, especially if it’s part of a phishing scam.
Phishing spam messages are sent out in mass quantities by spammers and cybercriminals who are looking to do one or more of the following:
Spam phishing is one of the more popular means that scammers get your info. However, some attacks are more targeted than others.
Spear phishing narrows the net to specific individuals or organizations, and whaling is spear phishing aimed at high-value targets such as executives. Targets are usually employees of specific companies or government organizations, but these scams can just as easily be aimed at anyone seen as particularly valuable or vulnerable.
You might be targeted as a customer of a targeted bank, or an employee of a healthcare facility. Even if you’re just responsive to a strange social media friend request, you might be phished.
Phishers are much more patient with these schemes. These personalized scams take time to craft, but the effort pays off in a larger reward, a higher chance of success, or both.
Building these attacks may involve gathering details about you or an organization you happen to be involved with.
Phishers might take this information from:
Moving in for an actual attack might be swift with an immediate attempt to encourage you to take an action. Others might build a connection with you for months to earn your trust before the big “ask.”
These attacks aren’t limited to direct messages or calls; legitimate websites can be compromised directly for a phisher’s benefit. If you’re not careful, you might be phished just by logging in to a site that is normally perfectly safe.
Unfortunately, it seems many people are convenient targets for these criminals. Phishing has become a new “normal” as these attacks have ramped up in frequency.
The first hurdle is understanding what to expect from phishing. It can arrive through all kinds of channels, including phone calls, texts, and even hijacked URLs on perfectly legitimate websites.
Phishing is much easier to understand once you’ve seen it in action. You’ve probably already seen a few of these scams and just chucked them aside as spam.
Regardless of how they are targeted, phishing attacks take many roads to get to you and most people are likely to experience at least one of these forms of phishing:
In other cases, legitimate websites might be manipulated or imitated via:
Even your actual internet connection can be compromised by:
Finally, here are some more types of phishing you should be aware of:
The truth is the list of types of phishing attacks is extensive and constantly expanding. These are some of the most common currently, but you might see new ones even in a few months.
Since these scams rapidly change to fit current events, they can be hard to spot. But there are ways to keep yourself safer, and being aware of the latest scams is an easy way to start.
Whilst it would be impractical and impossible to list every known phishing scam here, there are some more common ones you should definitely look out for:
Iran Cyberattack phishing scams use a fake Microsoft email prompting you to log in to “restore your data,” in an attempt to steal your Microsoft credentials. Scammers use your fear of being locked out of Windows and the relevance of a current news story to make it believable.
Office 365 deletion alerts are yet another Microsoft-related scam used to get your credentials. This email scam claims that a high volume of files have been deleted from your account. They give a link for you to login, of course resulting in your account being compromised.
Notice from bank. This scam tricks you with a fake account notification. These emails normally give you a convenient link which leads to a web form, asking for your bank details “for verification purposes.” Do not give them your details. Instead, give your bank a call as they may want to take action on the malicious email.
Email from a ‘friend’. This scam takes the form of a known friend who is in a foreign country and needs your help. This ‘help’ normally involves sending money to them. So, before you send your ‘friend’ money, give them a call first to verify whether it’s true or not.
Contest winner/Inheritance email. If you’ve won something unexpectedly or received an inheritance from a relative you've never heard of, don’t get too excited. Most of the time these emails are scams that require you to click on a link and enter your information for prize shipment or inheritance ‘verification’.
The tax refund/rebate. This is a popular phishing scam as many people have annual taxes which they pay or have to submit payment to. These phishing messages normally say that you are either eligible to receive a tax refund, or you have been selected to be audited. It then requests that you submit a tax refund request or tax form (asking for your full details), which scammers then use to either steal your money and/or sell your data on.
Coronavirus/COVID-19 phishing scams are the latest to weaponize fear for cybertheft. One of the most notable is the Ginp banking trojan which infects your device and opens a web page with a “coronavirus finder” offer. It baits people into paying to learn who is infected nearby. This scam ends with criminals taking off with your credit card info.
There have also been cases of scammers pretending to be important government bodies and even the World Health Organization (WHO). The scammers contact users directly, usually by email, requesting bank details or asking them to click on a link in an attempt to infect the computer with malware and steal private data.
These emails and messages may look official, but if you investigate the link URL (by hovering over the link, again, do not click it) and the actual sender address, not just the display name, there are usually tell-tale signs that they are not authentic and should not be trusted, such as a supposed WHO or government email coming from a Gmail account, or a link whose destination domain does not belong to the organization it claims to be.
Do not fall for these scams. These organizations will never ask you for sensitive personal details or private banking details. And, the chances of them asking you to download an app or software onto your computer is also incredibly low. So, if you receive an email or message like this, especially out of the blue, do not click on the links and do not give them your personal information or bank details. Check with the applicable authorities or your bank if you’re unsure, and only use/visit trusted websites and sources.
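The checks described above (does the sender’s domain match the organization in the display name, and does each link really go where its text says) can be automated. The script below is an added example written for this article, not Kaspersky’s code or part of any product; it triages a constructed sample message modelled on the WHO-themed scam. The free-mail list and the `.example` decoy host are assumptions chosen for illustration.

```python
"""Static triage of a suspicious email: sender and link consistency checks."""
import email.utils
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: an official body does not send from these consumer providers.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Constructed sample, modelled on the WHO scam described in the article (not a real message).
SAMPLE = b"""From: "World Health Organization" <who.alerts.2020@gmail.com>
To: victim@example.net
Subject: URGENT: COVID-19 safety measures, action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please review the safety measures and confirm your details.</p>
<p><a href="http://who.int.secure-login-portal.example/verify">https://www.who.int/emergencies</a></p>
<p><a href="https://www.who.int/">WHO home page</a></p>
</body></html>
"""

# Constructed legitimate-looking counterpart used to show a clean result.
CLEAN = b"""From: "World Health Organization" <alerts@who.int>
To: victim@example.net
Subject: Weekly epidemiological update
Content-Type: text/html; charset=utf-8

<html><body><p><a href="https://www.who.int/">WHO home page</a></p></body></html>
"""


class _Links(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def under(host, domain):
    """True only if host is domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_sender(msg, expected_domain):
    """Flag a From: address whose domain does not belong to the claimed organisation."""
    findings = []
    addr = email.utils.parseaddr(str(msg["From"]))[1]
    dom = addr.rpartition("@")[2].lower()
    if dom in FREEMAIL:
        findings.append(f"sender uses free-mail domain {dom} while display name claims an organisation")
    if not under(dom, expected_domain):
        findings.append(f"sender domain {dom} is not under {expected_domain}")
    return findings


def check_links(html, expected_domain):
    """Flag links whose destination disagrees with their visible text or only mimics the brand."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        h = host_of(href)
        shown = re.match(r"https?://[^\s/]+", text)  # visible text that itself looks like a URL
        if shown and host_of(shown.group(0)) != h:
            findings.append(f"link text shows {host_of(shown.group(0))} but href goes to {h}")
        if expected_domain in h and not under(h, expected_domain):
            findings.append(f"href host {h} only embeds {expected_domain} as a decoy prefix")
        if "xn--" in h:
            findings.append(f"href host {h} uses punycode (possible look-alike domain)")
        if urlparse(href).scheme == "http":
            findings.append(f"plain http link to {h}")
    return findings


def triage(raw, expected_domain):
    """Return all red flags for a raw RFC 5322 message claiming to come from expected_domain."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    return check_sender(msg, expected_domain) + check_links(html, expected_domain)


if __name__ == "__main__":
    for flag in triage(SAMPLE, "who.int"):
        print("RED FLAG:", flag)
```

Run against `SAMPLE` it reports the Gmail sender, the link whose text says `www.who.int` but whose href goes to `who.int.secure-login-portal.example`, the `who.int` prefix used as a decoy, and the plain-http link; `CLEAN` produces no findings. The `under()` check is the important one: a host that merely contains the brand name is not the brand’s domain, because the registrable domain is read from the right-hand end.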
If you receive one of these emails, this is what you should do:
Most phishing emails share a set of traits that a trained eye can catch. They aren’t always easy to spot at first glance, though, so let’s unpack these red flags.
Spotting a phishing email comes down to pointing out anything inconsistent or unusual.
Sometimes it's difficult to recognize what's genuine and what's a phishing attempt. First, you’ll want to be sure that you slow down before opening any links, attachments, or sending a reply.
Here’s an example of how you should react, if you receive a suspect email:
You receive an email politely requesting a donation for victims of the most recent hurricane to make landfall. The sender's domain reads "firstname.lastname@example.org" and though the organization could be legitimate, you haven't heard of it.
Usually, your spam folder shields you from these kinds of emails, but for some reason this one is sitting at the top of your inbox.
You are computer savvy, and you're not taking chances with any email from an organization that's asking for personal and financial information. This is especially true when you didn't request it and can't verify its identity.
By taking a pause, instead of taking immediate action, you’ve taken an important step to protect yourself. However, you’ve still got to determine if this is legitimate or a scam.
Now you need to know exactly what to look for in a phishing email to make a decision.
One of the reasons phishing emails are so sinister — and unfortunately often successful — is that they're crafted to look legitimate. Generally, the following features are common among phishing emails and should raise red flags:
Hackers often rush to get phishing sites up, so some of them will look significantly different from the original company. You can use these traits to pick a malicious email out of your inbox.
Still, it's not always clear what steps to take when you receive a phishing email that has skirted around your spam folder.
Being vigilant about spotting phishing emails is key. If you've come across one in your inbox (that hasn’t been auto filtered into spam), use these strategies to avoid becoming a victim of a phishing attack.
Just remember, the best way to handle a phishing email is to block or delete it immediately. Any additional action you take to limit your exposure to these attacks is a bonus.
Beyond spotting the email and removing it, you can guard yourself with a few extra tips.
Whether we like it or not, you will be the target of phishing emails on a daily basis.
Most of these are filtered out automatically by our email providers, and for the most part, users have gotten relatively good at identifying these types of emails and using common sense to not comply with their requests.
But you’ve already seen how deceptive phishing can be. You also know phishing attacks extend into all types of communication and internet browsing — not just emails.
By following a few simple phishing prevention tips, you can greatly reduce your chances of falling victim to a scammer.
Internet protection starts with your mindset and behavior toward potential cyberthreats.
Phishing tricks victims into giving over credentials for all sorts of sensitive accounts, such as email, corporate intranets and more.
Even for cautious users, it's sometimes difficult to detect a phishing attack. These attacks become more sophisticated over time, and hackers find ways to tailor their scams and give very convincing messages, which can easily trip people up.
Here are a few basic measures to always take with your emails and other communications:
Here are some more useful tips – from Kaspersky’s team of Internet security experts – to help you reduce the amount of spam email you receive:
Set up a private email address. This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – and you should protect the address by doing the following:
Set up a public email address. Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. The following tips will also help you to reduce the volume of spam you receive via your public email address:
Never respond to any spam. Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive.
Think before you click ‘unsubscribe.’ Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click 'unsubscribe' in one of these letters, it may simply increase the amount of spam you receive. Do not click on 'unsubscribe' links in emails that come from unknown sources.
Keep your browser updated. Make sure that you use the latest version of your web browser and that all the latest Internet security patches have been applied.
Use anti-spam filters. Only open email accounts with providers that include spam filtering. Choose an antivirus and Internet security solution that also includes advanced anti-spam features.
One of the simplest ways to protect yourself from becoming a victim of a phishing scheme is to install and use proper Internet security software on your computer. Internet security software is vital for any user because it provides multiple layers of protection in one simple-to-manage suite.
For the most reliable protection, your security plan should include the following:
Anti-spam software is designed to protect your email account from phishing and junk emails. Aside from working with pre-defined denylists created by security researchers, anti-spam software has intelligence capabilities to learn, over time, which items are junk and which are not. So while you still should be vigilant, you'll get some comfort from knowing that the software is also filtering out potential trouble. Use anti-phishing protection and anti-spam software to protect yourself when malicious messages slip through to your computer.
Anti-malware is included to prevent other types of threats. Similar to anti-spam software, anti-malware software is programmed by security researchers to spot even the stealthiest malware. With ongoing updates from vendors, the software continues to become more intelligent and better able to deal with the latest threats. By using an anti-malware package, you can protect yourself from viruses, Trojans, worms and more.
By combining a firewall, anti-spam and anti-malware into one package, you add extra layers of defense that can keep your system from being compromised if you do accidentally click on a dangerous link. These tools belong on all your computers, but they are designed to complement common sense, not replace it.
While technology is a rapidly evolving field, by using a security package from a reputable security vendor, you can secure your devices from phishing and other malware threats.
In addition to having virus protection software on your computer, it is crucial to use a password manager to manage your online credentials.
Today, it is vital to have a different password for every website. If a data breach ever occurs, attackers will try the leaked credentials on other sites across the web (known as credential stuffing), so one reused password can unlock many accounts.
One of the most useful features of password managers is that they automatically fill in login forms, and they do so only on the domain the credential was saved for. A manager that refuses to fill your bank password on a page that looks like your bank is itself a warning sign that you are on a look-alike site. Additionally, many password managers include portable editions that can be saved to a USB drive, so you can take your passwords wherever you go.
While phishing can be a difficult area to tackle at times, by following the simple tips and advice outlined in this article (and embracing proper phishing prevention tools) — you can greatly minimize your risk of falling victim to digital scammers.
If you are in need of a full internet security package try Kaspersky Total Security.