Phishing scams, unfortunately, will not go away, but there are things you can do to protect yourself. Here we show you how to detect phishing attempts to keep your identity and data safe.
One in 99 emails received is the so-called phishing attack. These dangerous inconveniences cost companies and end users thousands of damages every year. Although no solution is 100 percent complete proof, there are things you can do to recognize and avoid phishing scams. Let's do this.
What is a phishing attack?
Phishing is a social engineering attack designed to steal user data such as login credentials, credit card numbers and other personal information. The scam, which can appear as an email, text message or instant message, is posing as a trusted entity. Expect to bite and voluntarily deliver your information by clicking on a malicious link. Most of these scams (51 percent) lead to a malware attack, according to Small Business Trends.
With a malware attack, a hidden file is installed on your computer. The archive performs tasks such as making unauthorized purchases, stealing funds or initiating identity theft. Some malware attacks also hold your device hostage. In these cases, you must pay a reward before regaining access to your computer.
How to detect scams?
When it comes to phishing scams, the first thing you should accept and remember is language, if something seems too good to be true, it probably is . In more explicit terms, if you receive a text message or email that promises you quick cash or a prize, it is almost certainly a scam. Unfortunately, these scams tend to be smarter with each passing year.
Phishing scams may include, but are not limited to these examples:
- Messages promising government refunds
- Gifts available with one click
- Notices alerting you of suspicious activity or login attempts
- Fake invoices that demand payment
- Note that your recent payment was not accepted
Phishing.org has published screenshots of real-life examples of scams These include a false security notice Paypal, a fake notice from Microsoft, an attack on LinkedIn, among many others.
Here is an example of a Microsoft phishing message:
Increasingly, mobile devices are no longer immune to phishing attacks. Therefore, also enable automatic updates on your iOS and Android devices. Companies like Apple and Google do a great job of identifying and frustrating attacks. However, it is up to you to make sure the updates are installed immediately on your devices.
You should also consider installing the free Google phishing tool, which alerts you if you enter your Google account password elsewhere than accounts.google.com.  Use multifactor authentication
Increasingly, companies offer or require multifactor authentication to protect their account information. With this type of authentication enabled, you must enter two or more credentials to log in to your account.
For example, with multi-factor authentication, also called Two-factor authentication or Two-step verification, you may need to add an access code that you receive through an email, text message or authentication application. A scan of your fingerprint, retina or face may also be required, depending on the organization.
Always use multi-factor authentication when offered; If you have no choice, ask if you should do business with that organization.
Yes, use a strong password
You must also create strong passwords and keep them safe. To better protect your passwords, consider:
- Using 10-12 characters for your password
- Do not use common names, dates or words in your passwords. Instead, use a combination of numbers, characters and symbols. Also, use a combination of upper and lower case
- Do not use the same password with multiple accounts
- Consider buying a password generator application / service such as 1Password or Dashlane.
- Do not share passwords on the phone, or by email / text message.
- If you must enter a password, make sure it is locked and out of sight.
Only make purchases on secure sites
In 2019, no one should buy items on an unsecured website. Unfortunately, it still happens. To ensure that the site you are visiting is safe, look for the https at the beginning of the web address.
Back up your data
Finally, be sure to back up your data regularly using an external hard drive or cloud storage. That way, if there are problems, you can reconnect as quickly as possible.
Probably a scam, now what?
If you suspect that an email or message received is a scam, you must first ask yourself if you recognize the account or company that has been contacted. If the answer is no, report the message and then delete it from your device. If the answer is yes, you should contact the company directly using a phone number or website that you know as legitimate.
Are you worried that you have already responded to a phishing scheme? In this case, visit IdentifyTheft.gov and follow the steps to follow based on the information you fear you may have lost.
You should also take things a step further and report phishing to the authorities. A good starting point for this is to contact the FTC.
On the FTC website, you will be asked to choose a category and subcategory of claims. If you cannot find a match, select the "Something else" option. From there, you must answer some questions related to your complaint and tell them what happened in your words.
Phishing scams, unfortunately, will not disappear, but there are things you can do to protect yourself. Following these steps will greatly contribute to adding more levels of security to your device. Peace of mind will follow!