What is a Phishing Scam & How to Prevent an Attack?
We live in an era where all our information and data is stored online protected by passwords and digital signatures. This has made all our lives easier as it has made the collection of information easier and, finding stored information has become a hundred folds easier than in the past. However, in this environment, there are new threats that everyone needs to be wary of. Phishing is one of these scams that most people wouldn’t be aware of, or aren’t too sure how to prevent. So, what is phishing? Phishing can be defined as a form of social engineering where a predator or an attacker tries to acquire some information from a person, company, or a group of people by impersonating a trustworthy third party. For instance, an individual will pretend to be from a large banking organisation or corporation when they have no ties to the company. They’ll then send a phishing email in order to get a person to click on the email link, also known as a ‘lure’, to acquire their sensitive information for later misuse. Most people don’t understand what phishing means but have probably received one of these emails. Generally they are masked and appear to be from what seems to be a trustworthy source claiming that somebody has hacked their account, or that they have ‘won’ a prize and need to provide their password. For most people, this phishing scam would appear trustworthy but in reality, this has been sent as an attempt to ‘phish’ for their personal information and passwords.
How to Prevent Phishing Scams
Password and information phishers are getting smarter every day and it’s getting harder to stay clear of these scammers. However, there are certain ways in which you can try and protect yourself and your organisation from getting Phished.
- According to Mr Stephen Swavely of Navigatum.com, one of the most important things to do in order to avoid getting Phished is to get your staff, as well as the home users, trained, so they can identify and differentiate phishing scams from genuine emails.
- You need to be cautious of any email or text from unknown users that require you to click on a Hyperlink or enter information and personal details.
- Make sure that the websites you’re visiting are safe and secure. One way to this is to double click on the green lock icon next to the https:// on the website address bar (if you’re using Chrome). If the click results in a warning sign or does not show anything then that website should be avoided, or at the very least no information should be shared on that platform. The green padlock ,on the other hand, is there to signify a ‘secure sockets layer’ which is an added layer of protection that is required for all websites who require personal data to be shared through a contact form, requesting a quote, or purchasing a product.
- Ask your staff to always type in the web address themselves rather than click through on the email that they have received. Advanced Phishers are much more dangerous as they imitate and forge the HTTP of websites that makes their scam seem genuine, hence, instead of clicking on a one should always type in the web address themselves. If your scam email was claiming that your account has been hacked then you can simply go directly to your account in a new browser and check for any internal error messages instead.
How to Know if You’ve Fallen Prey to a Phishing Scam
Knowing whether you have been phished or not is slightly more difficult than you expect. As Mr Swavely adds “Realistically there is no real way to ‘know’ that your password has been phished,” however, if you have any reason to believe that you or someone in your organisation have been subjected to a Phishing scam then there are a few things you need to do as soon as you can, such as:
- Keep a close eye on all your accounts and transactions.
- Contact all companies or personal you believe need to be on the lookout as well.
- Regularly check your credit reports for any abnormalities.
- Never use the same password or variation of a similar password for different platforms. Instead of using a similar password it is advised to take the aid of many passwords generating platforms that are available in the market today; and
- Staying away from shady third-party applications and programs.
In a case where you know that one of your passwords have been phished for certain the first and foremost action to take is to change the password immediately. If your computer has been compromised then all the files should be copied to an external source after which the computer should be formatted and factory reset. Lastly, the concerned authorities should be notified about the scam as soon as possible in order to minimise the damage.
Phishing is the kind of scam that has the potential to cost you or your business thousands of dollars. It’s important to always stay clear of phishing scams and more importantly teaching your employees and staff about what phishing is and how to avoid getting scammed.
At Deployus, we offer ongoing security services to check and monitor your companies cyber safety. We take active measures to reduce the risk of such an attack and should you fall prey to a phishing attack, our experts will be there to help you to recover every step of the way.