Phishing is one of the most common online attacks. Last year 22 percent of attacks came through phishing, and if you’re not careful you could be a victim. This method of stealing someone’s data by spoofing a message from a legitimate company is an insidious trick that can be easier to fall for than you think.
Some phishing attacks are easy to detect, but others are far more sophisticated. You need to guard against them, and to do that you have to be prepared.
Using software tools
You can set up some software tools to stop phishing before it starts.
A firewall and antivirus that are kept up to date are the first tools you need. You absolutely have to have them, and you have to keep them up to date. There are also browser toolbars that can warn you about sites that don’t look trustworthy.
A password manager is also helpful. It will save your credentials and prompt you when you’re on a site to see if you want to use the saved username and password. If you don’t see a prompt from the password manager, you’re probably on a phished site.
Using common sense
The best way to avoid phishing is to not click on links from people you don’t know. That’s the foundation. But if you click on a link that asks for personal information, you should check some of the most obvious areas.
First look at the address bar. If you don’t see “https” before the address, get out of there. Then look at the address itself. And don’t just look to see if the site’s name is in there. Make sure it’s in the right place. If you see something like “amazon.phishing.com”, run away. “Amazon” isn’t the main domain there, “phishing” is. Subdomains come first and the actual name of the site is the last thing before the dot. If you see something weird or suspicious in formatting or address, close out and don’t enter anything.
If you open a link and everything still looks good but you’re still suspicious, you have a few other options you can check. Copy the address to WhoIs and check who it’s registered to. If it comes up with something weird, back out of there.
And you can always call, message or log in to whatever account it claims to be.
Phishing scams can be avoided with a little common sense, a few tools and a willingness to look beyond the surface. Safeguarding your own information and your organization’s starts with you. Make sure you’re doing your due diligence. And if you want some help with your security, contact TeamLogic IT. We’re here for all your information technology needs.