Knowing how to protect yourself from phishing can seem difficult and overwhelming at first. The cyber security industry uses lots of buzzwords that make simple issues a lot more complicated than they really are. However, phishing is a straightforward type of attack. In simple terms, phishing is an attack that attempts to steal a user’s password or personal information. Phishing often occurs by email but is now very common over text. Usually, it looks like a message from a company you know and trust asking you to reset your password or log in to your account. Such a message is a phishing email looking to steal your account password with a fake webpage that looks like the real company website.
This post will dive deeper into how to protect yourself from phishing. I will give you a set of guidelines to help keep you safe from phishing. The goal of this article is for you to walk away knowing how to best protect yourself against phishing.
What to Do If You Receive a Phishing Email/Text
The safest thing to do if you receive a phishing email is to ignore it, report it, block the sender, and delete it. Never respond to the email or hand over any information. It can be tricky to catch a phishing attack before it’s too late. We have created resources to help you identify phishing emails. Use this guide to spot phishing emails. This article mainly talks about emails, but the same is true for phishing texts.
Do Not Click Links
The easiest way to protect yourself from phishing is to never click on links in emails. The danger of clicking on links in an email is that you never truly know where links will take you. Phishing emails use the context of their message to get users to click on a link. The message will be really convincing with a good reason to click. The link will even take you to a webpage that looks just like a normal login page. However, a phishing website is designed to look identical to a real website to steal your password.
It can be really hard not to click on links. We all want to do it. It is tempting to click on links because that’s what the internet has trained us to do. Every website is full of brightly colored buttons, banners, and popups labeled ‘click here’. It is no surprise that phishing is such a problem because we are all being programmed to click on links.
Clicking on any links in an email puts you in jeopardy of mistakenly handing over your password to an attacker. That makes never clicking on links the safest solution. This really is the safest and best advice there is. It sounds so simple, yet can be difficult to practice. Phishers are good at what they do. They craft their messages perfectly to get your attention. They make you feel like you need to click on the link. With practice and discipline, we can unlearn clicking on links in emails.
Open a Browser
Receiving a phishing email can be worrying. You may be concerned that your account has been compromised. You’re going to want to log into your account and check that everything is okay. It can be a good idea to log into your account after you get a phishing email to make sure your account is safe. However, you need to be safe when you go to log into your account. Do not use the link provided in the email. The link may look similar to the real website but could be fake. Instead, open a browser and go to the login page by searching for the website. If you previously bookmarked the page, that makes things even easier. By using a search engine or bookmark, you won’t end up on the wrong page and accidentally hand over your password.
Do Not Open Attachments
Links to webpages are not the only way phishers deliver their attacks. Attachments are a common way to send viruses and malware to users. Not opening unexpected attachments is a good way to protect yourself from phishing. Often attackers will attach a Word document, PDF, or a spreadsheet to an email hoping you’ll open it. When you open this attachment, you could be downloading and running a virus or malware on your computer. To protect yourself from this attack, do not open attachments that you were not expecting to receive. If you receive a file like an unexpected invoice or report, verify that it was sent by someone you know before opening it. Hackers will tempt you to open their email attachments the same way they try to get you to click on email and text links. Do not download or open files that you did not intend to receive.
Use a Password Manager
A password manager is a great tool to make anyone safer online. The main benefit of using a password manager is stronger, more secure passwords. However, a password manager is also a great tool to protect yourself from phishing. A password manager will auto-fill your password when you go to log into a website. If your password manager does not recognize the website you are logging into, it will not auto-fill the password. A password manager looks at the URL of the website to know if it has a password stored for that site. A phishing page will look like a real site, but the URL will be different from the legit website. A password manager can help you catch a phishing attempt because it will not auto-fill your password into a phishing website, even if it looks like a real login page.
iPhones have a built-in, easy to use password manager called Keychain.
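The URL check described above, shown as an added example (it is not code from this blog or from any real password manager): a login is filled only when the page's scheme, host and port exactly match the site it was saved on. The vault entry, host names and the exact-origin rule are assumptions for illustration; real products may match more loosely.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed vault entry: the origin the login was saved on -> stored login.
# Host names and credentials here are placeholders, not real values.
VAULT = {
    ("https", "accounts.example.com", 443): ("alice", "<stored-password>"),
}


def origin_of(url):
    """Reduce a URL to (scheme, host, port), the part that identifies the site."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname drops any "user@" prefix and lower-cases the host name.
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def autofill(url):
    """Return the stored login only when the page's origin matches exactly."""
    return VAULT.get(origin_of(url))


def audit(urls):
    """Map each URL to 'fill' or 'refuse', as the manager would decide."""
    return {u: ("fill" if autofill(u) else "refuse") for u in urls}


# Constructed sample URLs: the genuine login page (two spellings) and
# pages that only look like it to a person reading the address quickly.
SAMPLES = [
    "https://accounts.example.com/login",                    # genuine
    "HTTPS://Accounts.Example.COM:443/login?next=/home",     # genuine, other spelling
    "https://accounts.example.com.login-verify.test/login",  # real name used as a prefix
    "https://accounts.example.com@login-verify.test/login",  # real name before "@"
    "https://accounts.examp1e.com/login",                    # digit 1 in place of l
    "http://accounts.example.com/login",                     # unencrypted scheme
]

if __name__ == "__main__":
    for url, decision in audit(SAMPLES).items():
        print(f"{decision:7} {origin_of(url)[1]:45} {url}")
```

Only the first two URLs are filled; the rest resolve to a different host or scheme, so the stored password is never offered to them.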
Use Multi-Factor Authentication
Multi-factor authentication (MFA) allows you to better protect your accounts from all types of attacks. You may have used MFA before; it is now available with most online accounts. MFA requires you to verify a login attempt. You are sent a temporary code through a text message or an authentication app. Then you must enter this code after logging in. MFA helps secure your account from being phished. If you accidentally enter your password into a phishing website, attackers still can’t log in without the code. These are the layers of multi-factor authentication at work. Requiring more than one piece of information to log in makes your account more secure. Attackers can steal your password and are still unable to log in if you are using MFA.
Stay Informed
There are a lot of great steps you can take to protect yourself from phishing. Staying informed can be just as powerful as the most advanced defense measures. It is important to keep up with new types of attacks and modern scam trends. Attackers evolve faster than software can adapt. Users must be alert to learn about attacks as they are developed. This gap in defense is where education is key. Security products will never be better than caution and awareness. Informed users are better at preventing attacks than the best tools.
Phishing is hard to defeat on your own. Always ask for help when you’re unsure. Look for answers on the web when you need help. There are so many resources available to help. The Dont Text blog provides lots of resources on phishing for both text and email alike.