For all its sophistication, phishing relies on one of the most basic human foibles: trust. Hence, it is important to remain skeptical upon receiving any form of digital communication, whether email, text, or even social media messages.
Here are some ways to better detect and prevent oneself from being a victim of phishing attacks.
Spotting malicious websites
Users should check the website design and formatting. Malicious sites typically have pixelated logos, buttons that differ from the company's usual colors, weird paragraph breaks, or extra spaces between words.
Filing out forms with personal information on websites without SSL certificates renders users vulnerable to cybercriminals, too. Hence, users should always check if the URL in the address bar contains the "https" abbreviation and a lock icon before giving their personal data.
Detecting email scams
Phishing emails usually sound desperate: They coerce people into clicking links or downloading attachments immediately by instilling fear. These emails sometimes claim that the subject in question risks having his account closed or compromised.
When in doubt, hover over the URL found in the email: If the URL displayed differs from what is shown in the email, there is a good chance that the user will be redirected to a malicious site.
Users should also be wary of emails containing attachments from unknown and unexpected sources. It is better not to open these attachments as they might contain malware that could easily infect one's system.
One can sometimes easily spot an email scam by carefully observing the message header. More often than not, the sender's email address looks pretty dubious: It imitates a legitimate email address, especially one from a business, but with slight variations.
Malicious emails or sites often have badly written and amateur content. There are a lot of grammatical errors and awkward sentence structures that seemingly sound as if a computer program or someone whose second language is English wrote them.
One should be wary of emails, text content, or voicemails that requests him to update or fill in personal information. He should be extra cautious, especially if the digital communication came from a bank or statutory board such as the IRAS. One should also be skeptical of communication requesting for his credentials.
Taking other precautions
One should install and regularly update firewalls and anti-malware software on their computer. He should also refrain from using public computers, especially when making online banking transactions and regularly update one's passwords.
When in doubt, contact the organisation in question to check if the suspicious communication is from them. One should also check his bank statements regularly for unauthorised transactions.
Although instinctively ignoring or deleting suspicious emails seems like the easy way out, employees working for organisations should report them to the IT team: After all, the IT team could better advise employees on the next steps. Employees should likewise report suspected phishing attempts to the person or organisation being imitated. They should then delete the suspected emails and empty their trash bin immediately after reporting the suspected phishing activity.
By following these simple tips, one won't have to worry about falling for phishing attacks hook, line and sinker.
Sign up for Computerworld eNewsletters.