Phishing attacks continue to evolve and become more sophisticated. Attackers improve their ability to craft messages designed to lure victims and to design websites that appear to be authentic – increasing the chances that you will be caught off guard. Attacks have also expanded from being primarily email based to SMS text messaging and social messaging platforms. You need simple steps you can use to protect yourself from becoming a victim of a phishing scam.
Follow these 5 steps to avoid being a victim and protect yourself from phishing scams.
1. Be Skeptical: It is better to err on the side of caution. Unless you are 100 percent sure that a particular message is legitimate, assume it is not. That holds true for email, text messaging, and social media messages. You should never supply your username, password, account number or any other personal or confidential information via email and you should not reply directly to the message in question.
Ed Skoudis a respected security professional and instructor with SANS, says “If the user really suspects that an email is legit, they should: 1) close their email client, 2) close ALL browser windows, 3) open a brand new browser, 4) surf to the ecommerce company’s site as they normally would. If there’s anything wrong with their account, there will be a message at the site when they log in. We need people to close their mail readers and browsers first, just in case an attacker sent a malicious script or pulled another fast one to direct the user to a different site.”
2. Use the Old-Fashioned Way: An even safer means of verifying if an email regarding your account is legitimate or not is to simply delete the message and pick up the phone. Rather than risking that you may somehow be communicating with the attacker or mis-directed to the attacker’s replica website, just call customer service and explain what the message stated to verify if there is truly a problem with your account or if this is simply a phishing scam.
3. Do Your Homework: When your bank statements or account details arrive, whether in print or through electronic means, analyze them closely. Make sure there are no transactions that you can’t account for and that all of the decimals are in the right spots. If you find any problems contact the company or financial institution in question immediately to notify them.
4. Let Your Web Browser Warn You: All of the current major web browsers have some sort of built in phishing protection. These browsers will analyze websites and compare them against known or suspected phishing sites and warn you if the site you are visiting may be malicious or illegitimate.
5. Report Suspicious Activity: If you receive emails or other messages that are part of a phishing scam or even seem suspicious you should report them. Douglas Schweitzer, author of Incident Response: Computer Forensics Toolkit, says “Report suspicious emails to your ISP and be sure to also report them to the Federal Trade Commission (FTC) at www.ftc.gov“.