Statistics show that 1 in every 99 emails is a phishing attack. That averages out to 4.8 emails per employee in a five-day workweek.
With such a high number of scam emails, it is more likely than ever that people are going to fall prey to these attacks.
Because of this, it is vital that you educate yourself, and your team, about phishing protection and how to prevent phishing attacks.
What is Phishing?
Phishing is when you get calls, texts or emails that seem to be from companies or people you know. However, they are from scammers.
They are trying to get you to click a link or give them your personal information so that they can steal your money or identity.
The classic case of phishing is when you get an email that seems to be from a reputable company such as PayPal or Netflix.
The email may state that you need to update your payment details or login credentials. The link sends you to a fake website that can look very real and convincing! In fact, around 1.4 million phishing websites are created each month.
If you enter your information into a bogus site like this, it goes straight to cybercriminals.
Scammers constantly update their tactics in order to snare more people, but if you understand what to look for, you won’t fall for their traps.
Here are some signs that will help you recognize a phishing email or text message.
At first glance, the text or email may seem to come from a company you know. It may look like a message from your bank, internet provider, credit card company, online store and so on.
Most phishing messages ask you to click a link or download an attachment. Though legitimate companies could potentially say the same thing, there are clues that a message is from a scammer.
Common Phishing Tactics
Scammers tend to use the same tactics to cause you to act. Some of these are scare tactics.
The message may say that they’ve noticed suspicious log-in attempts and ask you to click to update your password. It may also say there has been a problem with your payment information and ask you to update it by clicking a link.
You can find out where a link is taking you without clicking through. Simply hover over the link to see the URL. Do this before clicking every time.
Sometimes, the message asks you to please confirm personal information by replying, or it may include an “invoice” that you need to download.
Some tactics appeal to your sense of luck. They may say you’ve won a prize or are offering you a gift certificate or coupon, or that you are eligible for a government refund or rebate.
Common Phishing Language
The main reason people fall for phishing attacks is that they seem so real. They may have the logo of a reputable company or the name and signature of the CEO at the bottom.
Yet, phishing attacks have a common language that can alert you not to be fooled.
Be on the lookout for typos, grammatical errors and unprofessional language. Be wary of messages that create a sense of urgency. Things like “you have 24 hours” or “act now to avoid penalties” are signs to tread carefully.
Always be suspicious of messages asking you to confirm any sensitive information such as your address, banking information and so on. Look for messages that address you as “dear customer” or “hello dear” instead of your real name.
Phishing Protection Tips
Now that you know how to spot phishing, learn how to avoid phishing attacks with these tips.
Use Security Software That is Up-to-Date
One of the best ways to prevent phishing attacks is by having up-to-date security software. Make sure it is set to update automatically so that you are always protected from new threats or weak spots.
Set your mobile device for automatic updates as well. Use the most current version of your web browser.
Use Multi-Factor Authentication
Using two or more credentials to log in to accounts provides you an extra layer of phishing protection. This may be a one-time-use passcode sent to you via text message before you can log in, or it could be a fingerprint scan.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
If you own a business, learn the best, inexpensive cybersecurity tips for your business.
Look for the Lock
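All HTTPS web pages show a lock icon in the URL bar. You should never visit a site that is not secure. Keep in mind that the lock only tells you the connection is encrypted; a phishing site can have one too, so still check the domain name.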
Every legitimate business should have moved to HTTPS by now. Even if they aren’t scammers, they aren’t safe. Avoid these sites altogether.
Chrome marks HTTP sites as “Not secure.” Don’t bypass this message unless you are 100% sure that Chrome has given you a false positive.
Type in URLs and Use Bookmarks Instead of Clicking Links
Clicking links is risky. As we mentioned earlier, hovering over the link is a way to discover the URL.
Instead of clicking it, type the URL into a new browser tab. However, only do this for legitimate companies, not emails that could be phishing scams.
Also, bookmark your most frequently used websites and open them from your browser that way.
If you get an email that seems to be from your bank account, don’t click, and don’t type in that URL. Instead, go to your bank account website (which you would have bookmarked previously) and log in. Then you can find out if the message is legitimate.
Remember, the less you click on links, the more phishing protection you have.
Final Word on Phishing Protection
Now that you’ve learned everything you can about phishing protection, you can keep your identity and money safe. The important thing to remember is when it comes to the internet, always err on the side of caution. You can never be too skeptical of a website or email.