Top 10 Ways to Defend Against Phishing
22 January 2018
Phishing is a form of online identity theft that aims to fraudulently obtain personal information by sending spoofed emails that look like they come from trusted sources, such as banks or legitimate companies. Here are 10 ways you can fight phishing.
- Keep your operating system patched to prevent known software vulnerabilities from being exploited. Install patches from software manufacturers as soon as they are distributed, since hackers can quickly assemble malware from pre-made components to exploit a vulnerability before the majority of people download and install the patch. A fully patched computer behind a firewall is your best defence against Trojan and spyware installation.
- Download the latest version of your browser to ensure that it is up-to-date. The newer versions of Internet Explorer have a feature called SmartScreen Filter, which can help you identify reported phishing and malware websites and malicious software downloads. Anti-phishing extensions are also available on other browsers such as Firefox and Chrome.
- If a link in an email leads to a website, check the domain name of the site as an indicator of whether the site is legitimate. Users can hover their mouse over the link to ensure that they are being directed to the URL stated. For links that are shortened, you can use CheckShortURL (www.checkshorturl.com) to expand the shortened link to its original form. You should also ensure that SSL encryption is being used (look for “https:” in the URL). However, as the origin of an email, the location of a page, the use of SSL encryption and browser lock icons can be spoofed, you can’t rely on these checks as an absolute indicator that the communication or site is safe.
- Typically, phishing emails ask recipients to click on a link to verify or update contact details or credit card information. Like spam, phishing emails are sent to a large number of email addresses, with the expectation that eventually someone will read the message and disclose their personal information. Never click on links in unsolicited emails, and ignore emails with call-to-action subjects (such as “Your account will be terminated!”). When in doubt, call the company in question using a phone number that can be verified outside of the email.
- Be cautious when downloading any software from the web. A legitimate piece of software could be saddled with piggyback spyware, or even contain keyloggers or screen scrapers that could be used to steal your information. You should avoid free screensavers and other freebies. In addition, you should be wary when opening email attachments (such as a video, graphic, or PDF), even if they are from someone you know. To protect yourself and your devices, use email-scanning software to scan incoming email attachments and hyperlinks for viruses, malware and spyware.
- Use software that automatically checks to see whether a URL is safe before visiting the site. You can check the validity of individual web addresses (URLs) with a WHOIS search, such as http://whois.domaintools.com, which has a search tool that displays the contact information for any domain/IP based in almost any country.
- Use an Internet Service Provider (ISP) that implements strong anti-spam and anti-phishing technologies and policies. Users can check with their respective ISPs for more information about the anti-spam and anti-phishing services that are available.
- Review credit card and bank account statements as soon as you receive them to check for unauthorised charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Be an early adopter of new technologies. Techniques such as two-factor authentication (2FA) are being used by banks and credit card companies to make online transactions more secure, so make sure to take advantage of them.
- Keep all your software and applications up-to-date, including your anti-virus software. Updates keep you safe from known security vulnerabilities that hackers exploit for malicious purposes.
Defend yourself against phishing and get started on these tips today!