[BreachExchange] Best 5 ways you can protect yourself from phishing attacks

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 26 14:14:49 EST 2018


Phishing forms one of the biggest attack vectors for cybercriminals as it
is easy to fool users by sending an unsuspecting link through email posing
as your friend. It’s a widespread problem, posing a huge risk to
individuals and organizations. If you have read various cybersecurity
surveys or research reports, you will find that phishing predominantly
features among top three cyber threats.

Phishing can cause great harm including giving your PC/laptop control to
the cybercriminals/scammers/fraudsters and losing important financial data
to them.Needless to say, it’s something we all need to be aware of, as
phishing attacks are not going to abate anytime soon.

But worry not, as our Top 5 guide will help keep these scammers at bay.

What is Phishing?

Before we go into that, here’s a brief overview of what phishing is.
Phishing is perhaps the easiest threat vector for identity theft where
cybercriminals try to get users to hand over personal and sensitive
information (without them knowing it). Interestingly, phishing has existed
since time immemorial even through physical letter scams and via phone

Cybercriminals have typically deployed phishing attacks after they
buy/steal information from a data breach.They use such stolen email ids and
passwords to scam their future targets and sometimes even blackmail them.
Phishing attacks succeed because we are a trusting lot and the weakest link
and thus the most effective target for criminals looking for illegitimate

Follow the tips below and stay better protected against phishing attacks.

1. Be sensible when it comes to phishing attacks :
You can significantly reduce the chance of falling victim to phishing
attacks by being sensible and smart while browsing online and checking your
emails. Never click on links, download files or open attachments in emails
(or on social media), even if it appears to be from a known, trusted source
unless you have personally verified it.

If you have any doubt, you should open a new browser window and type the
URL into the address bar. Be wary of emails asking for confidential
information – especially if it asks for personal details or banking
information. Legitimate organizations, including and especially your bank,
will never request sensitive information via email.

2. Beware of shortened links :
You should beware of clicking shortened links, especially on social media.
Cybercriminals often use these – from Bitly and other shortening services –
to trick you into thinking you are clicking a legitimate link, when in fact
you’re being inadvertently directed to a cloned look-alike site.

You should always place your mouse over a web link in an email to see if
you’re actually being sent to the right website – that is, “the one that
appears in the email text” is the same as “the one you see when you

Cybercriminals may use this cloned website which looks very much like the
original website to steal your entered personal details and sometimes
implant malware on your PC/laptop/smartphone

3. Does that email look suspicious? Read it again :
Plenty of phishing emails are fairly obvious. They will be punctuated with
plenty of typos, words in capitals and exclamation marks. They may also
have an impersonal greeting – think of those ‘Dear Customer’ or ‘Dear
Sir/Madam’ salutations – or feature implausible and generally surprising

Cybercriminals will often make mistakes in these emails … sometimes even
intentionally to get past spam filters, improve responses and weed out the
‘smart’ recipients who won’t fall for the con.

4. Be wary of threats and urgent deadlines :
Most phishing attacks succeed because we are always in a haste. Online
surfing is serious business and things should not be done in haste.
Usually, scamming emails contain threats and urgency – especially if coming
from what claims to be a legitimate company – are a sign of phishing.

Some of these threats may include notices about a fine or advising you to
do something to stop your account from being closed. Ignore the scare
tactics and contact the company separately via a known and trusted channel.

5. Browse securely with HTTPS :
You should always, where possible, use a secure website (indicated by
https:// and a security “lock” icon in the browser’s address bar) to
browse, and especially when submitting sensitive information online, such
as credit card details.

You should never use public, unsecured Wi-Fi for personal use like banking,
shopping or entering personal information online. When in doubt, use your
mobile’s 3/4G or LTE connection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180126/0f01931f/attachment.html>

More information about the BreachExchange mailing list