Phishing is the fraudulent practice of extracting passwords and other data through electronic communication channels without the owner's knowledge. Phishing has existed for approximately two decades, yet, surprisingly enough, people still fall victim to it.
Oliver King, the Customer Success Manager of Semalt Digital Services, shares his experience on how to safeguard yourself from phishing.
In June 2013, the security firm Kaspersky Lab estimated that approximately 37.3 million people had fallen victim to phishing attacks in the previous year, including 1 million UK citizens. According to Symantec, phishing activity in 2013 accounted for 392 emails on a daily basis.
Spam filters used by webmail providers and companies are critical in fencing out phishing attacks. But in case some messages find their way to your mailbox, you can adopt the following measures to ensure that you don't fall victim.
If it looks suspicious, it is most likely wrong
In most cases, a phishing email looks fishy. Typos are a good sign that an email is not legitimate. The Guardian may be against this point, but in an email from your bank, typos are a red flag.
Have a careful look at the email address
If you frequently receive emails from a given company, the organization in most cases uses the same address each time. When an email arrives from a new, unfamiliar address, you should be concerned.
Be careful with urgent deadlines and threats
In some instances, well-established companies do require you to carry out a task urgently. For instance, eBay was obliged to ask its clients to change their passwords urgently as a result of a cyber-attack.
Watch for impersonal introductions
Each time PayPal, Amazon, your bank and similar companies send you an email, the message must start with your name. By contrast, a phisher sending a myriad of emails fails to do this. This is why emails from reputable companies address you by name, for example, "Dear John".
Ignore embedded forms
If you receive an email with an embedded form asking you to fill in personal data such as login details and bank credentials, don't do it. Reputable brands will never make such a request via email.
Pay attention to web links and phone numbers
If an email asks you to call a number and give personal credentials over the phone, get official information from the company's staff and use the organization's known number instead. If you are prompted to open a link that seems legitimate, move your cursor over it to see whether you are being redirected to a different page.
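The hover check described above, together with the earlier advice on embedded forms, can be automated for an HTML email body. The following Python code is an added example, not part of the original article; the names `LinkAudit` and `audit_html` and the sample message, which uses reserved `.example` hosts, are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A hostname written in the visible link text, e.g. "www.mybank.example"
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _base(host):
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host  # ignore leading "www."

class LinkAudit(HTMLParser):
    """Flags links whose visible text names another host than the href, and forms."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []
        elif tag == "form":
            self.findings.append(("embedded-form", attrs.get("action") or ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOST_RE.search("".join(self._text))
        actual = _base(urlparse(self._href).hostname)  # where the link really goes
        if shown and actual and _base(shown.group(1)) != actual:
            self.findings.append(("link-mismatch", f"{shown.group(1)} -> {actual}"))
        self._href = None

def audit_html(body):
    parser = LinkAudit()
    parser.feed(body)
    parser.close()
    return parser.findings

# Constructed sample body, not a real message; .example hosts are reserved names.
SAMPLE = """<p>Dear Client, confirm your account at
<a href="http://login.attacker.example/verify">https://www.mybank.example/login</a>
or visit <a href="https://www.mybank.example/help">www.mybank.example</a>.</p>
<form action="http://collector.example/submit"><input name="password"></form>"""
```

Calling `audit_html(SAMPLE)` reports the first link, whose text shows the bank's address while the href points elsewhere, and the embedded form; the second link, whose text and destination agree, is not reported.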
Be careful of spear phishing
The advice above holds for outdated, email-oriented phishing attacks that target a huge number of people in the hope that a significant fraction will fall victim.
Spear phishing is a customized type of attack: instead of "Dear Client", an email may address you by your real name or refer to a transaction that you have just made.
Don't associate phishing with email only
Phishing attacks are closely linked with email, but they happen in other ways too. Fake websites and instant messaging applications are some of the other channels through which phishing attacks can be launched.