Protecting yourself from fraud is always a priority, but because October is Cybersecurity Awareness Month, now seems like a great opportunity to brush up on your fraud-prevention skills. Here are a few simple but effective practices to help you spot and prevent phishing attempts, and a few tips on what to do if you have been phished.
What is phishing?
Phishing is a common tactic cybercriminals use to trick you into providing your personal information (e.g., bank account information, credit card number, account password) by pretending to be from a legitimate organization, such as a bank or a government agency. Phishing can take the form of emails, text messages, direct messages or phone calls in which the cybercriminals ask for this information.
How can you spot phishing attempts?
Phishing can be easy to spot if you know what to look for. Here are a few indicators that you might be getting phished:
- Suspicious sender’s email address: The sender’s address may imitate a legitimate organization. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.
- Suspicious-looking URLs: Cybercriminals usually send a message that includes a clickable link. The link routes to a spoofed website, which is an imitation of a legitimate website that the cybercriminals use to steal personal information. You can hover over the link to reveal the full URL and make sure it’s legitimate. However, it is best practice to visit a website by directly typing in the URL instead of clicking on links in messages.
- Requests for personal information: In most cases, a legitimate organization would not ask for personal information through links provided in an email, text message or direct message. Contact the organization directly through their official website regarding suspicious emails.
- Suspicious attachments: Sending emails with attachments is a common way for cybercriminals to deliver malware. Malware can give cybercriminals unauthorized access to your device where they can monitor your activity and steal your personal information. Be alert and perform due diligence before opening or downloading attachments, such as performing a virus scan of the attachment.
- Urgent tone and grammatical errors: Cybercriminals often use urgent or threatening tones in their messages so that you feel compelled to respond or act. They also often make careless spelling and grammar mistakes. Contact the organization directly through their official website if you are unsure of a message’s request.
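The sender-address and URL checks above can be automated. The following Python sketch is an added example, not part of the original article: it flags a sender address or link whose domain is within a couple of character edits of a trusted domain, or that uses a trusted name as decoration. The trusted domains and sample values are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allow-list (placeholder names); list the organizations you actually deal with.
TRUSTED_DOMAINS = ("example-bank.com", "example.gov")

def edit_distance(a, b):
    """Levenshtein distance: character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Return the lower-cased host of a URL or of an email address."""
    value = value.strip().lower()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.rstrip(".")

def classify(value, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address or link."""
    host = host_of(value)
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    for d in trusted:
        # Trusted name used as decoration, e.g. as a leading subdomain.
        if d in value.lower():
            return "lookalike"
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-(d.count(".") + 1):])
        if edit_distance(tail, d) <= max_edits:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ("alerts@example-bank.com", "alerts@examp1e-bank.com",
                   "https://example-bank.com.account-verify.net/login"):
        print(sample, "->", classify(sample))
```

With very short domain names, a threshold of two edits can also flag unrelated legitimate domains, so lower `max_edits` for those.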
How can you recognize whether you have been phished?
If you have been phished, you may not notice it immediately, because cybercriminals may secretly be in your accounts without you knowing. However, there are some indicators you can look out for. Make sure to take action if you notice any of the following.
- Unauthorized transactions from your bank account or credit card
- Your device is unexpectedly running with low performance and does not improve even after a full restart
- Unexpected lockout notifications
- Unauthorized remote access to your device
- Your files on your device suddenly go missing or are deleted
- Unusual account activity such as emails being sent using your email address even though you did not send them
How can you prevent phishing attempts?
Prevention is better than cure: preventing a phishing attack is always better than resolving an attack afterwards. Most of the time, following good cybersecurity practices will protect you not only from phishing attacks, but from other cyberattacks as well. Here are some good cybersecurity practices to follow:
Using strong and unique passwords or passphrases.
Passphrases are preferable because they are longer and easier to remember than arbitrary symbols and numbers. An example would be “WhenIwasplayingsoccermyjersey#was18!”, which is something you personally know. Passwords such as “W1t*xaykj032!” or “mypasswordis1234” are either too difficult to remember or too easily guessed.
Using a password manager.
A password manager is a great way to generate strong passwords and keep track of the passwords you have for different logins. There are many password managers, but make sure the one you choose is trusted and secure. Do some research before deciding which password manager to use.
Enable multi-factor authentication (MFA).
Typically, when you sign in to your online accounts, you are authenticated using a username and a password. Many online services now use MFA to make your accounts more secure. On top of your username and password, MFA uses a secondary step to authenticate your identity. This can be a PIN, a secure USB key, fingerprint recognition, or a text to your phone number. Enable MFA for your accounts whenever possible.
Regularly back up your important data.
If you are phished and happen to download malware that deletes your files or ransomware that locks your computer, having your important data backed up can avoid a lot of stress. Backing up important documents to an external hard drive or a USB can give you peace of mind about the essential data that you might need. Having a backup schedule and encrypting your drives adds an additional layer of security.
What to do if you have been phished?
If you think you have clicked a suspicious link or given your information to a cybercriminal, here are a few tips to help you:
- If you think your banking information has been leaked, notify your bank immediately. They have a fraud department that will take the necessary next steps and help you with your account. Notifying the bank also makes them aware of the phishing attacks so that they can take appropriate prevention steps to help their customers.
- Change your passwords or passphrases if you think your accounts have been compromised. If you know you’ve logged in from a fake website, or if you downloaded an attachment that is infected with malware, take some time to reset your passwords.
- Scan your computer for viruses. Use anti-virus software to scan for potential malware on your computer. There is some trusted anti-virus software online as well as built-in anti-virus applications on your computer.
At your workplace:
- Report what happened and what information was leaked to your company’s IT department.
For additional guidance and solutions, visit Coast Capital’s Cybersecurity Hub.