What is Phishing? How Do I Protect Myself Against It?

8 Simple Tips to Protect Against Phishing Scams

Luring consumers into giving up sensitive information—a practice commonly known as phishing—is one of the most common consumer-facing fraud tactics.

These attacks cost US consumers roughly $500 million each year. So, what can you do to avoid becoming a victim? Learn to identify the risks and how to best protect yourself.

Spear Phishing, Spoofing & Smishing: The Rundown

The names of different phishing techniques employed by fraudsters sound ridiculous, but there is nothing funny about the consequences. Criminals can use these strategies to gain access to sensitive information and drain your funds. That’s why 90% of phishing attacks target financial services and eCommerce sites.

The primary strategies for a phishing attack include:

Spoofing

A spoof attack is a non-personalized technique reliant on the fraudster tricking consumers into voluntarily surrendering information. This can be achieved by fraudsters creating a fake home page designed to replicate another site, such as a bank or online store. The fraudster might also send a message impersonating a trusted service and ask for personal information. Spoofing is traditionally done by email, though fraudsters are increasingly employing SMS messaging as well (a technique called “smishing”).

 

Spear Phishing

Unlike spoofed websites or mass emails, spear fishing is a targeted attack. Fraudsters will acquire some information about a prospective victim, then use that information to capture more. For example, a fraudster may find an email address, then look up further data such as the individual’s hometown, employer, or personal interests and hobbies. The fraudster then sends a fake message from an official-looking source—or may even impersonate a friend or loved one—and ask that individual to “verify” personal information.

Best Practices to Guard Against Phishing

Phishing is a serious threat facing consumers. PhishLabs identified more than one million phishing sites hiding on 170,000 unique domains in 2017—a 23% increase over the previous year.

Check out the following tips to help identify phishing attacks and learn how to protect yourself.

1. Don’t Click Suspicious Links: Be sure about where a link will take you before you click. Simply hover the cursor over a link to see a preview; this will allow you to be check the link’s destination beforehand.
2. Use Anti-Phishing Tools: There are free, officially-approved toolbars available for every major browser designed to check and detect phishing sites. The toolbar will run a check on each site you visit, warning you if the site is known to be associated with phishing activity.
3. Keep an Eye on Your Accounts: Don’t trust that you’re the only one accessing your sensitive accounts. Login and review activity on a regular basis. If you find suspicious activity, report it quickly to prevent as much damage as possible.
4. Avoid Popups: Phishing popups may try to fool you into believing that they’re a part of a legitimate site. Don’t click anything on such a popup—not even “cancel”—instead, close the window if possible, or use Task Manager to close the browser.
5. Use Antivirus/Firewall Software: Antivirus programs scan incoming files for malicious data, while a firewall blocks access to your system. If you keep both up-to-date, it will help protect your computer against new and developing threat sources.
6. Update Your Browser: There’s a reason your browser constantly prompts you to perform updates—to keep pace with new threats. Staying on top of these updates will help guard against vulnerabilities.
7. Be Judgmental: Phishing traps try to replicate real sites, but are usually filled with small mistakes that give them away. When directed to a site, look for signs of a lack of attention to details like poor design, misspelled words or broken links.
8. Be Skeptical: Phishing attacks want you to act quickly without thinking too hard about the request. Take it as a red flag if a prompt, popup, or email seems overly-desperate to collect your information.

Remember: Even with adherence to all the above behaviors and practices, there is no foolproof way to avoid phishing scams. If you have sensitive information, you are at risk of becoming a victim of a phishing attack.

Victim of a Phishing Attack?

If you find suspicious activity on your financial account—don’t panic! There is still a good chance that the activity is legitimate. You may simply be unable to recognize the billing descriptor.