Phishing: How to Recognize and Avoid These Scams
Scammers often send emails or text messages to their victims in a bid to trick them into handing over sensitive information. And if you’re not attentive enough, then you may be someone who falls into their trap.
Don’t fear as there are many actions you can take to protect yourself online. In this post, we’ll list some of them:
- How to recognize phishing
- 6 types of phishing techniques
- How to protect yourself from phishing attacks
- What to do if you suspect a phishing attack
- How to report phishing
- How to prevent phishing attacks
How to recognize phishing
Phishing is a criminal activity used by scammers to obtain private information such as account login details or credit card numbers through malicious emails, calls, or text messages.
Despite this threatening behavior, the way phishers behave is predictable. The information they usually try to get their hands on includes:
- full name
- full address
- date of birth
- bank account number
- credit card number and security code
- online account passwords
- answers to any security questions, such as your mother’s maiden name
What are the phishing techniques
The main phishing techniques include:
- Spear phishing targets those with a lot of money in their accounts or access to important company information. Other times, scammers use this technique to target a demographic more prone to phishing. For example, American senior citizens are statistically more vulnerable to phishing attacks, according to a 2019 study by the Aspen Institute's Tech Policy Hub.
- Clone phishing often happens when criminals clone a bank’s email or website. Then, they try to send it to a list of bank customers to trick them into revealing private information such as bank account login details or even their credit card information.
- Whaling. Whales, in the phishing world, refer to people who are in the big league. They can be C-level executives like CEOs or CFOs who earn more than your average Joe and have access to company funds. If phishers ever get hold of their details, then it can be very lucrative, leading to huge pots of money.
- Pop-up phishing. This is also known as in-session phishing as people are usually browsing or visiting a website when a pop-up appears asking for information (for example, to input a mobile number or credit card details).
- Vishing is a combination of the words voice and phishing and occurs when criminals call you to request private information. They can sound professional by pretending to be representatives from banks or insurance companies so you feel at ease sharing your personal details with them.
- Smishing. Using SMS (Short Message Service) or text messages to phish is called smishing. For smishing, look out for misspellings or typos. Unprofessional-sounding messages are a red flag too.
How to protect yourself from phishing attacks
The bad news is that we can never be completely safe from phishing. However, the good news is that there are plenty of ways you can protect your email and personal information.
Here are a few practical pieces of advice to help you secure your email from phishing attacks:
- Use specific software to keep your computer secured. Having effective security software in place gives you an extra layer of protection and peace of mind.
- Enable multi-factor authentication (or 2FA) for your online accounts. With 2FA, aside from typing in the password, you will also be prompted to enter a PIN sent to your phone. It’s tedious but it also makes your account much harder to hack.
- Use a password manager. With these apps, you can log in without keeping a physical copy of your passwords. Services like LastPass or KeePass securely keep track of all your data.
- Browse securely with a VPN. Using a Virtual Private Network (or VPN) gives you a more secure connection than your usual public Wi-Fi. A VPN enables you to hide your location or transaction details by encrypting any information you send. It’s like sending a coded message to the internet and only the intended recipient has the key to break the code and access it. Because of this, phishers and other hackers can’t spy on your online activities.
- Make sure you have the latest updates to your OS/browser. We know, we know. Updating your device to the latest version can be a real bore. But updates are made for a reason. Apple or Windows may have found vulnerabilities in their system and created fixes to improve security.
What to do if you suspect a phishing attack
What if you accidentally clicked on a malicious link? Or if the phisher was so good, they fooled you despite all the warnings?
Fret not, here are some steps you can take to ensure no further damage is done:
- Immediately disconnect your device from the internet. This is applicable if you have just clicked on a malicious link and are being redirected to a dubious website.
- Change the passwords of all your online accounts.
- If you think your credit card has been caught up in this phishing attack, call your bank and cancel the card.
- If your account was taken over, make sure you inform friends and colleagues about the breach.
- Watch out for the warning signs of identity theft. Set up a fraud alert with your bank or any relevant government agencies.
- Back up your files and reformat your device if needed.
- Scan your device for viruses and malware (or malicious software).
How to report phishing
When you have identified an email as phishing, it’s time for payback. There are ways you can fight back to keep yourself more secure:
- Forward the email to the Anti-Phishing Working Group at firstname.lastname@example.org. If you receive a phishing text message, forward it to SPAM (7726).
- Report the phishing attack to the FTC at ftc.gov/complaint.
- Mark the email as spam. This reminds your email provider or network to automatically direct emails from this address straight to the bin.
- If the sender has a Gmail address, you can also report it to Google so they can deactivate the account. You can do this by simply clicking those three little dots for the “More” option beside the Reply button. There should be an option saying Report as phishing email.
How to prevent phishing attacks
The ways online criminals attack internet users are constantly evolving, but there are certain steps you can follow to stay protected from phishing attacks:
- Use spam filters. These intelligently filter out spam, including phishing emails, and automatically send it to the spam folder (this way, you never have to read it). With spam filters, it is easy to detect such emails even before they reach your inbox.
- Configure browser settings. In many web browsers, the phishing and malware detection option is turned on by default. If you are redirected to suspicious sites, you should receive a warning message.
- Change your browsing habits. When purchasing online deals, don’t hesitate to contact the company personally before entering any personal details online.
- Hover over the URL first if you received it in a suspicious email. A secure website's address will always begin with https, confirming the valid Secure Sockets Layer (SSL) certificate.
Avoid phishing attacks
Be careful when you get an email from an unknown sender asking for personal information such as your phone number or login credentials. If you get this type of email:
- Don’t follow any links or provide personal information until you are sure the email is real.
- Report any suspicious-looking emails using one of the methods above.
When you get an email that looks like a phishing attack, here are a few things to check for:
- Check if the email address and sender name match.
- Check if the email domain is authenticated.
- Check the message headers to make sure the "from" header isn't showing an incorrect name.
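The three checks above can be run against a message's raw headers. This is an added example, not code from this article or from Clario; the function name `header_findings` and the sample message are constructed, and it assumes the `Authentication-Results` header was written by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name shows a bank address, the real sender differs.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.org
From: "support@examplebank.example" <alerts@example.org>
Reply-To: collect@example.com
Subject: Verify your account

Please confirm your details.
"""

def header_findings(raw):
    """Return a list of warning flags for one raw email message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # Check 1: sender name and address should match. An address typed into
    # the display name that differs from the real one is a classic disguise.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if shown and shown.group(1).lower() != from_domain:
        findings.append("display-name-address-mismatch")

    # Check 2: replies that would go to a different domain than the sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        findings.append("reply-to-domain-mismatch")

    # Check 3: is the domain authenticated? Read the SPF, DKIM and DMARC
    # verdicts recorded by the receiving server (assumed to be your own).
    auth = msg.get("Authentication-Results", "").lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}-{verdicts.get(mech, 'missing')}")
    return findings
```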
* * *
It is easy to stay safe from phishing attacks with Clario. The Clario app is an all-in-one utility security software covering things you use every day online: web browsers, online accounts, email, and much, much more.
Download Clario now and we will back up your security.