Top 10 Tips to Detect Phishing Scams
Everyone is susceptible to a phishing attack. Phishing emails are often well crafted, and it takes a trained eye to tell the genuine from the fake. In this article you will learn the top 10 tips to detect phishing scams.
Simply put, phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
There are, however, ways to make yourself less of a target. Keep in mind our ten top tips to stay safe online.
1. Name of sender can trick you.
Email addresses and domain names can be easily spoofed. It is, therefore, crucial that you check the domain name for spelling alterations on suspicious emails. Even if they appear to have come from a trusted sender, always double check.
2. Check for typos.
Attackers are often less concerned about being grammatically correct, which means that typos and spelling errors are often evident in their messages. Such errors in an email could be a good indication that the message is not genuine.
3. Do not share sensitive information hastily.
Any email that asks for sensitive information about you or your company is suspicious. For instance, no bank will ever ask for personal information over an email. Directly call your bank to ascertain if an email is genuine or not.
4. Don’t fall for URGENCY!
Phishing attacks use scare tactics such as urgency and authority to trick victims into taking immediate action. Emails that ask you to share personal information or to make cash transactions are… ‘phishy’.
KrebsOnSecurity reported one good example of this. The site heard from a reader in South Africa who recently received a text message stating that his lost iPhone X had been found. The message addressed him by name and said he could view the location of his wayward device by visiting the link https://maps-icloud[.]com, which is most definitely not a legitimate Apple or iCloud link and is one of countless domains spoofing Apple’s “Find My” service for locating lost Apple devices.
5. Hover but don’t click.
Hover over URLs to see where they really lead. If the address that appears does not match the display text, or if it seems strange, DO NOT click on it.
6. Attachments can be dangerous.
Hover over attachments to check for an actual link before you click on or download them. If you are still unsure of the sender, do not click on the link.
7. Is it too good to be true?
If it sounds too good to be true, chances are it is! Phishing attacks use fake rewards to tempt victims to take action. You wouldn’t win a lottery if you never participated.
8. Keep your devices up to date.
Devices, and the applications on them, are more susceptible to attacks when systems are not updated. Maintain your antivirus and regularly check for updates.
9. Regularly check your accounts.
Check your accounts regularly to ensure that no changes have been made without your knowledge. Staying on top of your accounts, and knowing what data is held in each, will make spotting a phishing attack easier.
10. When in doubt, call out.
If you suspect that the security of your work device or data has been compromised, inform your cyber security team or your manager immediately.