8 ways to fight phishing: How to protect against phishing scams?

All of us who use the Internet have been targeted by phishing scams and attacks: fake emails from a seemingly reliable source, designed to convince us to click on a malicious link, reveal confidential information, or give unauthorized access to a system. CyberArk has published 8 tips to avoid falling for these scams.

  • Choose your friends wisely. This is solid advice in real life, and even more critical in the digital world. If you receive a LinkedIn message or Instagram friend request from someone you don’t know, don’t reply, accept or click on any links in the message… which brings us to tip #2.
  • Do not click on hyperlinks. Never click on a link from an unverified source. And remember that even emails sent from known sources can lead to problems: malware, ransomware, and viruses can spread by scanning your device for other email addresses, then sending themselves to those addresses in messages supposedly “sent” by you.
  • Urgent? Not so fast… Many phishing emails and messages attempt to create a sense of urgency, making the recipient fear that their account or information is in jeopardy. Here’s a real example from the Federal Trade Commission: “Our records indicate that your account has been overcharged. You must call us within 7 days to receive your refund.” If you receive a suspicious email that appears to come from someone you know, contact that person directly. If the email comes from an organization but still looks “fake”, contact them through customer service to verify the communication.
  • Stay away from that personality quiz and think twice before posting that update. Social media quizzes are a fun way to kill time (who doesn’t want to meet their celebrity doppelganger?), but they’re also a great way for attackers to get their hands on your personal data. By taking a seemingly harmless quiz, you can reveal things like your full name, birthday, or employer. The same advice applies to your regular social media posts: think twice before posting too much. Cybercriminals can use all this personal information to take advantage of you. What’s more, you could be handing them the answers to your security and password recovery questions.
  • Disable location sharing whenever possible. Attackers can use location-sharing information to craft phishing messages that look very timely and relevant. For example, your location is embedded as metadata in every photo you take with your phone. Turn off location services when you’re not using them to make it harder for hackers to see this information.
  • Protect your personal computers and cell phones. US-CERT recommends installing antivirus software and personal firewalls on your personal devices and making sure they are configured to receive automatic updates. It is also essential to keep professional and personal use separate, especially if you work remotely: don’t use your corporate device, just because it is convenient, to surf the Internet, shop online, browse social networks or check personal email.
  • Regain control of your spam folder. Although not all messages that fall through your spam filter are phishing scam emails, many of them are. Spend some time this month cleaning up your junk mail (or set up filters to keep junk out of your inbox). Check out this helpful list from CISA on how to reduce spam and say goodbye to those fake business opportunities, chain letters, and too-good-to-be-true diet scams.
  • Protect your online accounts with Multifactor Authentication (MFA). According to National Institute of Standards and Technology (NIST) guidelines, the passwords and passphrases you use should be as long and complex as possible, and you should never use them on more than one site. But if you think passwords alone will protect you, think again. Many digital accounts, such as email, online banking, and social networking, offer the option to enable MFA to add an extra layer of protection to the login process. MFA usually combines at least two of the following:

      • Something you know: a password, a PIN, or the answer to a security question
      • Something you have: a mobile device
      • Something you are: a fingerprint or facial recognition