As businesses move to digital platforms, persistent cyber threats continue to compromise personal information using a variety of tactics, including phishing. Phishing is the process of masquerading as a trustworthy entity in electronic communication — typically via email — in a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details. A 2017 survey reported that over 75% of its respondents had experienced phishing attempts, showing just how constantly email inboxes are targeted.
Starting as early as the mid-90s, hackers leveraging America Online (AOL) services would bait and steal users’ credentials by means of an automated tool. The software, known as “AOHell,” enabled bad actors to “phish” for data using authoritative or manipulative messages to users. This is when the term was originally coined.
Despite its primitive origins, phishing has endured throughout the decades and has only increased in frequency and sophistication – all because it works. But what is the key to its success? Phishing targets the weakest link in the cybersecurity chain – the human user. The average person is left at the mercy of unscrupulous cyber criminals who have perfected their phishing tactics to exploit any vulnerability.
What, then, can the end user do to protect against phishing attacks?
1. Learn the lingo
The most common vehicle for phishing is email. Familiarizing yourself with the common phrases, grammar, and techniques of phishing will help you identify red flags.
Look out for phrases like:
- “Urgent request”
- “Verify your account”
- “Final warning”
- “Your account may be compromised”
These are scare tactics used to trick you into providing your personal information and/or login credentials.
Be wary of poor grammar – any legitimate business that is contacting you (1) would not request personal information via email and (2) would not send messages that contain poor grammar or spelling errors.
2. Think before you click
Phishing emails may contain a malicious attachment or link. Always be suspicious of any strange email, even if it appears to be from a familiar person or entity. If the email does contain a link for you to click, hover your mouse cursor over the link to see where it actually leads. If you’re not familiar with the site or if it differs from where you’d expect to go, don’t click!
You can also open a new web browsing window and type in the real URL yourself. You should be able to sign in to your account and view any real notifications from the sender without clicking on the link provided in the email.
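The checks from tips 1 and 2 can also be automated for an HTML email body. The following is an added example, not part of the original article: it looks for the scare phrases listed above and flags links whose visible text names one site while the underlying address goes to another. The function names, the hostname pattern and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases quoted in tip 1 of the article.
SCARE_PHRASES = ("urgent request", "verify your account",
                 "final warning", "your account may be compromised")
# Assumption (heuristic): link text that looks like a hostname or URL.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect the body text and (href, visible text) for every <a>."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def red_flags(html_body):
    """Return a list of human-readable warnings for one HTML email body."""
    p = LinkCollector()
    p.feed(html_body)
    p.close()
    body = " ".join(" ".join(p.text).lower().split())  # collapse whitespace
    flags = [f"scare phrase: {s!r}" for s in SCARE_PHRASES if s in body]
    for href, shown in p.links:
        real = (urlsplit(href).hostname or "").lower().removeprefix("www.")
        m = HOST_RE.search(shown)
        claimed = m.group(1).lower().removeprefix("www.") if m else None
        # Same test as hovering: does the text name the host the link uses?
        if claimed and real != claimed and not real.endswith("." + claimed):
            flags.append(f"link text shows {claimed} but goes to {real or href}")
    return flags

# Constructed sample message (example.com / example.net are reserved names).
SAMPLE = """<p>FINAL WARNING: please verify your
account at <a href="http://login.example.net/reset">www.example.com</a>.</p>
<p><a href="https://www.example.com/help">Help centre</a></p>"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

A clean result does not mean a message is safe; the script only catches the specific red flags described above.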
3. Look for the padlock
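Before submitting any personal information into a website, make sure the URL begins with “https” and look for the “padlock” icon near the address bar. The padlock only shows that the connection is encrypted, not that the site is legitimate, so check that the domain name is the one you expect as well. If you get a message stating a website may contain malicious files, do not continue navigating to the site.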
4. Keep your systems updated
Important system and application updates are frequently released in response to gaps in security which are discovered and exploited by bad actors. The moment an update is made available, download and install it to secure your system.
5. Use antivirus software
Even with other precautions, some malicious code may still be downloaded onto your system. Install and regularly update antivirus software to safeguard against this. Use anti-spyware and firewall settings for extra protection, particularly against more advanced phishing attacks, as well as other common cyber threats.
The weakest link in the cybersecurity chain is the human user, so the best way to protect yourself against phishing attacks is to be an informed user. Look for the red flags. Keep your system and security software updated. Recognize the risk and protect yourself against becoming a victim of phishing.