Contributed by Kristin A Abraham| February 14, 2017| Tags: Security

​Phishing is a widespread problem and poses a huge risk to individuals and organizations. Phishing has – in one form or another – been around for years via phone calls and physical letter scams. Now, cybercriminals view phishing attacks as a successful and easy way to get their foot in the door of a company or a personal network to launch more sophisticated attacks.  Humans are often the weakest link. So, what can you do?

  1. Be sensible and smart while browsing online and checking emails. Never click on links, download files or open attachments in emails (or on social media) you weren’t expecting or from people you don’t know. Be wary of emails asking for confidential information – especially if it asks for personal details or banking information. Legitimate organizations, including and especially your bank, will never request sensitive information via email.
  2. Watch out for shortened links. Pay particularly close attention to shortened links, especially on social media. Cybercriminals often use these to trick you into thinking you are clicking a legitimate link when in fact, you’re being inadvertently directed to a fake site. Always place your mouse over a web link in an email to see if you’re actually being sent to the right website – that is, the one that appears in the email text is the same as the one you see when you mouse-over.
  3. Does that email look suspicious? Read it again. Plenty of phishing emails are fairly obvious. They will be punctuated with typos, words in capitals and exclamation marks. They may also have an impersonal greeting – think of those ‘Dear Customer‘ or ‘Dear Sir/Madam’ salutations – or feature implausible and generally surprising content.
  4. Be wary of threats and urgent deadlines. Usually, threats and urgency – especially if coming from what claims to be a legitimate company – are a sign of phishing. Some of these threats may include notices about a fine or advising you to do something to stop your account from being closed. Ignore the scare tactics and contact the company separately via a known and trusted channel.
  5. Browse securely with HTTPs. Whenever possible, use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, and especially when submitting sensitive information online, such as credit card details. Never use public Wi-Fi for banking, shopping or entering personal information online.

Stay safe out there!