7 Smart Steps to Avoid Phishing Attacks
Last Updated: February 3, 2021
Nobody ever wants to fall victim to cybercriminals. Internet scams have been on the rise in recent years. Cybercriminals attempt to steal personal information from unsuspecting internet users by disguising themselves as a trusted internet platform. The term that describes this fraudulent act is known as Phishing.
Phishers convince you to click on links and take actions that give them access to your personal information, financial information, and device. Sometimes, you get these links through emails that appear to be legit and credible. Some of these emails are even personalized for you, bearing your name and location in some cases. These links can inject malware into your device and also steal personal information stored on the device.
As more people escape phishing attacks sent in the form of spam emails, cybercriminals are now more desperate and creative, developing even more effective methods and platforms to steal personal information. Sometimes, scammers call their prospective victims via telephone, disguising themselves as bank officials, co-workers, or even government officials, gaining the victim’s trust, and demanding their personal information.
Here are our top 7 smart steps to avoid phishing attacks:
1. Verify Requests for Personal Information
Anytime you receive an email with a link to submit personal information or financial information, don’t be in haste to click the links. Make sure you confirm the legitimacy and credibility of the link before clicking. Make it a habit never to share personal information and banking credentials over the internet. Whenever you receive an email from your colleague or supplier requesting you to send or update your bank details, make sure you put a call through to the individual, confirming that the email came from them.
Sometimes, you receive an email asking you to urgently make changes to your login credentials on supposed trusted sites. Such emails come with a link expected to redirect you to an unsecured website. Therefore, you must verify the authenticity of messages and emails you receive before giving out your personal information.
When you click on a link from your email, and it redirects you to a platform that looks like your bank, log out immediately. Most banks do not request a change in your bank details through email, although some still send messages and updates about their products and services via mail. To be sure that the link you received is legitimate, skip the link and login into your banking platform directly.
2. Be Careful When Opening an Email Attachment
Asides from links to malicious websites, phishers can send a mail with an attachment that contains malicious files. Many cybercriminals use this means to install malware on internet users’ computers. Ransomware is one of the malware you can get through this means. Once installed on your device, your files may become corrupted, and you will no longer have access to it unless you pay a certain amount as a ransom to the criminals.
Whenever you are unsure of the content of an attachment in your mailbox, please do not open it. If you’re not sure who the mail is from either, do not open the attachments. Report any suspicious emails that appear to be phishing attacks. The IT department in your company should be able to assist you in this regard. The Federal Bureau of Investigation (FBI) Crime Complaint Centre can also be of help.
3. Keep Your Antivirus and Security Software Updated
Using antivirus software can protect your devices against malicious files from external devices. Asides from this, antivirus software can protect you against many other security loopholes. Hackers dedicate their time to creating malware that can bypass antivirus security. Each time a new update is released for antivirus, you can be sure that hackers are already working on avoiding the latest security feature embedded in the software. It is, therefore, best that you keep your security software updated always. Every security update takes care of security new security issues that were not looked into in the last update.
Always keep your antivirus software enabled. Sometimes you download software from the internet, and you get a prompt asking you to turn off your antivirus software before installation. Do not fall prey to such instructions. Once you turn off your antivirus, you give cybercriminals access to your files and device. Once your antivirus software flags an executable file as malicious, ensure you terminate the installation immediately.
A firewall protects you from phishing attacks. It blocks the attacks/malicious files before it can make changes to any of your files. Firewalls act as a buffer between your device and a third party. Two different kinds of firewalls must be enabled on your computer: a network firewall and a desktop firewall, which is software. With these two in place, it is less likely that you would be a victim of phishing attacks. You only need to keep them running and updated always.
4. Keep Your Browser Updated
Popular web browsers update their security patches regularly. These updates are mostly targeted at addressing specific security breaches that may have popped up in the previous version of the browser, which hackers and phishers are likely to exploit. Anytime there is an update available for your browser, you would always receive a notification. If you still ignore notifications asking you to update your browser, it is time to stop.
There are specific browser extensions that you should consider adding to your browser, especially ad blockers and extensions that block malicious websites. These extensions can prevent you from falling victim of phishing attacks.
Some browsers also have in-built anti-phishing software embedded in the browser’s safe browsing feature. The anti-phishing measure checks the website you are visiting against a list of known phishing sites and sends a notification to warn you before you proceed to the site. Updating your browser also keeps the list of reported phishing sites updated.
5. Use Multi-Factor Authentication
Multi-factor authentication (also known as two-step authentication) offers you extra security against intruders. Asides from the regular username and password required to log in, some websites require additional personal information before you can log in to their platform. The information they need may be a unique code sent to your phone number or email, usually valid for a few hours or a few days in some cases.
Multi-factor authentication may also be a security question that only you can answer. When choosing a security question, you should choose one with a unique response, which cannot be easily guessed by anyone. For instance, choosing your date of birth as a security question is an amateur move. Rather, you should choose a question like “The hour of the day when you had your first child” or something close. As funny as it may sound, only a few people can correctly answer a question like this.
Two-step verification may add a few more seconds to the time required to log into your banking platform or social media platform, but those few seconds can be worth it. Even when phishers have gained access to your username and password, they are unlikely to have the extra information required to log into your account.
Therefore, whenever there is an option for multi-factor authentication when creating an account on a trusted site, opt-in for it.
6. Use a Paid VPN
Phishing attacks are not only targeted towards gaining access to your credit card details or social media login credentials. Some phishers want to know your location for reasons best known to them. They can trace your location through your IP address, which is available to anyone and everyone worldwide.
To avoid popping up on the radar of these cyber-stalkers, your best option is to make use of a VPN. A Virtual Private Network (VPN) guarantees you online privacy. Instead of seeing your IP address, the VPN server masks your IP address, and your internet traffic appears to come from a VPN server rather than your local address.
Whether you use a VPN or not, do not give out your personal information on untrusted websites or to strangers. “A VPN will only protect your device against prying eyes on the internet; it.” does not help you detect malicious websites, neither will it prevent you from giving out your information on the internet if you choose to.
7. Verify that the Website Is Secure
Most websites start with the HyperText Transfer Protocol (HTTP), which is an unsecured communication system. Nobody imagined a day when individuals would find joy in defrauding other internet users of their hard-earned money. The secure HyperText Transfer Protocol was then introduced to prevent internet scams.
Before you log in to a website, verify that the website URL starts with “HTTPS” instead of “HTTP”. The URL must also have a lock (🔒) icon preceding it on the address bar. Some browsers automatically notify you whenever you’re visiting an unsecured website and mark it as “Not secure.”
Asides from checking the URL, ensure you do not submit information on a website with questionable security certificates. Whenever you get a notification that you’re visiting a website that does not have credible security certificates, stop your browser from visiting the site. Never download a file from untrusted websites either, as they may contain malicious files.
To avoid phishing attacks, you need to stay ahead of your attackers. You must ensure that you stay updated with the various methods of attacks being used by cybercriminals. The tips highlighted above will help you to avoid phishing attacks.