The 4 Golden Rules to Prevent Phishing
Phishing succeeds, for the most part, because hackers rely on the vulnerability of people who:
- Read a “too-good-to-be-true” email and enter their credit card numbers
- See a text, and think, “That’s too good a deal!” and click anyway to give up a password
- See an “Unknown” number on caller ID and hope it’s their grandkid calling to say “hi”—but instead Li’l Johnny needs a wire transfer to the Bahamas to get out of a jam
All too often, once a credit card number is given, a password is stolen, a bank account is revealed and sensitive data of the utmost importance is breached, the road to identity theft and financial loss is fast and furious.
4 Golden Rules to avoid becoming a victim of phishing
1. Unknown number? Be cautious.
Tread with caution when you answer an unknown number. Make sure not to reveal personal, financial and investment-related information.
How to keep safe:
If you see a number and the caller leaves a voicemail saying it’s Li’l Johnny, take down the number and verify if that’s the case. If you want to be extra careful, dial #67 to mask your own caller ID.
2. Never click that link before hovering over it
As we mentioned in 4 Social Engineering Tricks Cybercriminals Use to Get Your Data, never click a link without checking it out first. This is one of the oldest tricks in the book—hackers will send you a phishing email with links that look OK to trick you into visiting an unsafe web page or downloading spyware/malware/ransomware that gives them access to your computer.
Before you click a link—image, email, text—hover your mouse over it. The address that pops up should match the email sender or website you’re going to.
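The same hover check can be run automatically over an HTML email. This is an added example, not code from the original article: it flags links whose visible text names a different site than the link really opens, and links that do not match the sender's domain. The function names and the sample message are hypothetical and constructed for illustration.

```python
# Added example, not from the article: the hover check applied to an HTML email.
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None  # plain words such as "View order", not a URL
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host and "." in host else None

def related(a, b):
    # Assumption: equal hosts or parent/subdomain count as "matching".
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_links(sender, html):  # returns (href, reason) per failing link
    sender_host = sender.rsplit("@", 1)[-1].lower()
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if shown and target != shown:  # text displays one site, link opens another
            findings.append((href, "text-mismatch"))
        if target is None or not related(target, sender_host):
            findings.append((href, "sender-mismatch"))
    return findings

SENDER = "billing@shop.example"  # constructed sample message
BODY = ('<a href="https://shop.example/orders">View order</a>'
        '<a href="http://shop.example.login-check.test/reset">https://shop.example/reset</a>'
        '<a href="https://cdn.shop.example/logo.png"><img src="logo.png"></a>')
```

The domain comparison is deliberately strict: without a public-suffix list it also flags legitimate sibling subdomains, so treat a finding as a prompt to look closer rather than a verdict.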
3. Be wary of free public Wi-Fi and the Evil Twin
Evil Twin refers to public Wi-Fi names being spoofed. For instance, say at the airport, you see two Wi-Fi networks that are both named “O’Hare Public Wi-Fi”. Which one is real? Most likely, one is real; the other may be the personal hotspot of someone sitting nearby.
How to keep safe:
- Just avoid those tempting, free unsecured Wi-Fi hotspots
- Turn off “auto-connect” on your device
- If you do connect, check that the URL starts with HTTPS (“S”, as you know, stands for “Secure”)
- Use a VPN to encrypt your data before the hacker even sees it
4. Thar she blows! Whaling goes after the big boss!
Whaling is a highly targeted phishing attack, aimed at your organization’s senior executives. Because whaling attacks are generally well-planned, they’re more challenging to spot than run-of-the-mill phishing attacks.
How to keep safe:
One way companies can protect against whaling is to build phishing training into their culture by:
- Encouraging all employees to undergo security awareness training
- Identifying employees most vulnerable to such attacks, if that’s possible
- Restricting accounts that have previously been hacked or are hacked often
Phishing in the Real World has Been Going on Forever
Phishing and its cousins, whaling and spear phishing, are all about taking advantage of built-in social engineering. See a woman with a crying baby kneeling on the ground? While you help her out, someone else is picking your pocket.
Just like the mugger, bad apples, hackers, and black hats will stop at nothing to exploit your website and customers. In fact, with the explosive growth of online payments in the last couple of years, online fraud has never been more profitable. Fraud has itself become commoditized.