One of the most common ways cybercriminals attack their victims these days is phishing. In fact, the Anti-Phishing Working Group reports that the total number of unique phishing sites in the first three quarters of 2015 was 630,494. So while it’s increasingly common, the good news is that it’s beatable, and it’s fairly easy to protect yourself.
Phishing (pronounced “fishing”) is a kind of identity theft. By using fake websites and false emails, these criminals attempt to steal your personal data – usually credit card numbers or login information for financial sites.
Criminals gain this information by sending you links to sites that look like sites you trust, such as online banking or social networks, and then stealing your data as you enter it on those fake websites. The most commonly spoofed sites are PayPal and Amazon, but banking sites and other retail sites like eBay are also commonly spoofed.
Be wary of emails asking for confidential information, and especially financial information. Legitimate organisations will never request sensitive information via email, and banks will tell you to go to their site yourself and log in, rather than clicking a link in an email.
Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
Here are a few tips to keep you safe:
- Guard against spam. Be especially cautious of emails that come from unrecognized senders or ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
- Only communicate personal information by phone or secure web sites. Pay close attention to the URL – the web address in your browser. If you see anything you think is unusual, give the organisation a call.
- When conducting online transactions, check to see that the site you’re on is secure. Look for a lock icon on the browser’s status bar, or an “https:” URL, where the “s” stands for “secure” (rather than “http:”).
- Never click on links, download files or open attachments in emails from unknown senders. Only open email attachments when you are expecting them and know what they contain, even if you know the sender. If you’re not sure, ask the sender before opening.
- Pay close attention to emails and read them carefully. Watch for the warning signs like subject lines that seem odd, spelling or grammatical errors, and even a sender address that seems odd.
- Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, and email may not always be completely secure.
- Be wary of pop-up windows, and never enter personal information in a pop-up window.
- Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made, since you only have a certain amount of time to report fraudulent charges to your bank or credit card company.
Lastly, remember that phishing isn’t always done by computer. Beware of phone phishing schemes as well – never divulge personal information over the phone unless you make the call. Also be cautious of emails that ask you to call a phone number to update your account information.
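The URL tips above can also be applied automatically to a link taken from an email. The following is an added example, not part of the original article: the `TRUSTED` allowlist, the function names and the sample links are all assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> the domain the reader actually trusts.
TRUSTED = {"paypal": "paypal.com", "amazon": "amazon.com", "ebay": "ebay.com"}

def _host(url):
    """Return the lower-cased hostname of a URL, or '' if there is none."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare "www.site.com/page"
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def _belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def link_warnings(display_text, href):
    """Return the reasons a link from an email deserves suspicion."""
    warnings = []
    parts = urlsplit(href)
    host = _host(href)
    if parts.scheme != "https":
        warnings.append("not-https")  # https alone does not prove a site is genuine
    if parts.username is not None:
        warnings.append("userinfo-before-host")  # text before "@" is not the site
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass  # an ordinary host name, not a raw IP address
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")  # may render as look-alike letters
    for brand, domain in TRUSTED.items():
        if brand in host and not _belongs_to(host, domain):
            warnings.append("brand-in-untrusted-host:" + brand)
    text = display_text.strip()
    if "." in text and " " not in text and _host(text) != host:
        warnings.append("text-and-target-differ")  # shown address is not the target
    return warnings

# Constructed sample links (visible text, real target); none come from real emails.
SAMPLES = [
    ("www.paypal.com", "https://www.paypal.com/signin"),
    ("www.paypal.com", "http://paypal.com.secure-login.example/update"),
    ("Log in to PayPal", "https://www.paypal.com@203.0.113.7/login"),
]
if __name__ == "__main__":
    for shown, target in SAMPLES:
        print(target, "->", link_warnings(shown, target) or "no warnings")
```

An empty result only means none of these particular checks fired; it does not confirm that a site is legitimate.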