Email phishing has been around for almost two decades, but many people still fall victim to it. This is no laughing matter as big corporations, tech giants and even digital security companies have experienced data breach through this scam.
So, how can you protect yourself from email phishing schemes? In this article, we will provide a comprehensive discussion on how this scam works so you can understand how to avoid phishing attacks. We’ll also provide email safety tips that will help you keep your online activities secure.
How Email Phishing Works
Email phishing becomes a success when you divulge information that would help criminals install malware on your computer and/or steal money from you. Most email phishing techniques are obviously malicious. For example, you may receive an e-mail from a person who claims that they have entrusted you with a huge sum of money and that you need to send your personal information to them.
On the other hand, there are more scheming scammers who may impersonate communication materials from the companies you trust, such as social networks, banks, online retailers, government bodies, or online payment firms like PayPal.
You may unexpectedly receive an email that looks like it has been sent by a financial services company or a bank. You will receive instructions on sending your account details or PIN either by a return email or directly via a fraudulent website. A duplicate of the actual site of an institution or the company you trust, the site often looks convincing.
In some cases, the email contains alarming messages, including the following:
- Your credit card has been cancelled
- Your bank account has been frozen
- Your software has to be updated, please confirm your data
The aforementioned are just some of the creative ploys that “phishers” use to steal personal information from their victims. Unsuspecting people either consciously or unknowingly provide their sensitive data. Criminals gain the opportunity to perform identity theft and other fraudulent activities, such as using their victim’s credit card or withdrawing their money.
Other “Email Phishers” Go to Great Lengths
Office 365’s Microsoft Exchange Online Protection (EOP) and Outlook.com have anti-spam filters that block emails that bear malicious phishing characteristics. These spam emails utilize common phishing techniques which may cause recipients to click suspicious links.
On the other hand, not all malicious links lead to fraudulent sites that are crafted to steal credentials and other sensitive information. There have been reports of certain “tech support scams” that have tricked users into giving their money in exchange for a “necessary” software update or service.
Users receive an email with links that lead them to a tech support scam website. Various scare tactics are employed to trick these unsuspecting people into calling fake hotlines that would require them to pay “technical support services,” supposedly fixing non-existent software, device or platform issues.
Every month, about three million users of various software and platforms are exposed to tech support scams. Some of them encounter these scams through email. On the other hand, most of them do not look like typical email threats:
- Most of these tech support scam start from malicious ads from websites that offer free download of pirated media or fake installers. Users are automatically redirected to sites where they are tricked into calling fake hotlines.
- Criminals carry out some of these tech support scams by using malware. Some of the malware entities they use include Monitnev, which follows event logs and displays fake error messages whenever an application crashes. The other malware they typically use is Hicurdismos, which shows a fake BSOD screen.
- Other scammers use cold calls and pretend to be a representative from a software company. Users will be asked to install applications that allow the scammers to remotely access their devices. By remotely accessing the user’s device, they can misrepresent system outputs as signs of issues. The scam telemarketer would then ask for payment in exchange for a fake solution.
Tips on How to Avoid Phishing Attacks
In the age of scams and viruses, it pays to be vigilant and careful on what we do online. Here are some emails safety tips you can follow to keep you safe from phishing attacks.
1) Be very cautious about emails that:
- Are not personalized
- Sent by unrecognized individuals or organizations
- Have urgent requests for financial or personal information
- Relay alarming information that causes you to take rash actions
Remember that your bank—and other online services you’re subscribed to—know your name. In contrast, legitimate companies typically address the email recipients by name. Email phishers typically send out mass emails, so they would open their messages with an impersonal introduction.
2) Submit personal information only via secure websites
- You may receive an email from your bank, instructing you to click a link and update your log-in credentials. Instead of clicking the link, it would be better for you to go directly to your bank’s website and submit the details there.
- Make sure that you are only conducting online transactions over secure sites. Look for indications that tell you the site is secure, such as a lock icon on the status bar of the browser. Another example would be a URL that starts with “https:”, which is a sign that the site is protected by a security certificate.
- As we’ve mentioned, phishing schemes can also happen over the phone. So, if you weren’t the one who initiated the call, do not divulge any personal information. Also, avoid emails telling to call a certain hotline to update your personal information.
3) Avoid opening attachments, downloading files or clicking on links in emails from unrecognized senders.
Even if you know the sender, you should only open attachments when you are expecting them and you know their contents.
4) Never send someone your financial or personal information, even if the recipient is someone close to you.
In the event that a hacker gains access to your email account or to the recipient’s account, they wouldn’t be able to take your sensitive details.
5) Secure your computer by activating spam filters, a firewall, anti-virus and anti-malware software.
Make sure you get high-grade software like Auslogics Anti-Malware. Remember to regularly update your protection to ensure that you are actively blocking new spyware and viruses.
While some reported phishing attacks were carried via spam emails, others came from other channels, including fraudulent websites and instant messaging software. It goes without saying that it’s essential to have software that offers comprehensive protection against identity theft and phishing attacks.
It is ideal to have an email and IM scanner that will protect you from the latest phishing schemes. Auslogics Anti-Malware is an ideal example of software that offers basic security features along with identity and privacy control, anti-phishing and IM protection.
These are just some of the ways you can protect yourself from phishing schemes.
If you have other suggestions, let us know in the comments below!
We are looking forward to your ideas!