But phishing, despite being extremely annoying, is actually easy to avoid, provided you know how to spot the warning signs that you might be hooked.
What’s phishing?
Phishing is a trick by hackers used to obtain passwords and other sensitive data from unsuspecting users via electronic communication, usually emails. These phishing emails are designed to look exactly like an official message from an otherwise trusted entity (banks, ISPs and other services) and typically contain either a link directing to a bogus login screen or an attachment infected with malware. However, note that there are more sophisticated phishing emails that simply disguise themselves as a message from an app requesting permission to access your data.
If that’s not scary enough, consider spear phishing, a fake message with seemingly harmless attachments sent in the name of a person the victim knows well. However, those attachments – that may even partially fulfill the ‘promise’ made in the fraudulent message – are actually malware that is launched the moment the file is opened.
A rotten bait
Even though phishing attacks do indeed pose a serious threat against many users, they are actually easy to spot for various reasons.
First and foremost, phishing emails are usually not even in proper English – which is a very easy giveaway. Second, hovering over the link that the phishing email contains will reveal the real URL, which will never match the domain name of the site that you think you were about to log into. And third, these messages usually contain an urging threat that might push unsuspecting users into perform an action, often suggested by the phishing email, with which they can avert the whatever concern it is that is contained in the message.
Battling against the evil horde of phishermen
Recognizing phishing attempts is one thing, but avoiding them is the best option. Thankfully, getting rid of the threat is not complicated, as it only requires a bit of extra attention on your behalf.
Be suspicious
Report phishing attempts to the authorities
Phishing emails are indeed annoying and they deserve to be deleted immediately. However, by reporting the phishing attempt to the Federal Trade Commission or forwarding the email to entities like the Anti-Phishing Working Group you can actually help the internet become less infected with phishing attacks.
Updates and antiviruses are your friends
Since attachments in phishing emails are never real attachments but malware that exploits a bug in the targeted software, this can be simply avoided by ensuring the device’s operating system and software is up-to-date.
It’s also highly recommended to use an antivirus like Windows Defender or Avast, which are capable of scanning incoming emails for viruses, alerting you in time to prevent you from opening infected attachments.
The blessing of two-factor authenticators
Two-step verification and two-factor authentication are great weapons against hacking attempts, providing an extra layer of protection for anyone but particularly those who have accidentally fallen for phishing emails. The reason behind the effectiveness of secondary authentication is that they prevent hackers from accessing the compromised data, since the login process cannot be completed unless the secondary key – an SMS code, a randomly generated passcode or a physical plugin device – is used.
Password managers: the a-bomb against phishing scams
Using password management software is the ultimate weapon against phishing scams for many reasons, one of the primary examples being the fact that many of these solutions alert users of compromised websites.
In addition to that, password managers also have the so-called autofill feature that automatically enters details into the respective input boxes of login screens of the pages that have been saved to the program’s database – which means that if the website is in fact a fake one (and therefore has a different URL) then the software won’t have stored the info and so won’t even try to enter login credentials, saving you from making the mistake of giving away sensitive data to hackers.
Zoltán G.
Adam B.
User feedback