
5 Ways to Protect Yourself from Phishing Scams

Phishing is a serious issue today, with attackers targeting both individuals and organizations. Those who are unaware of how phishing scams work are at risk of having their accounts compromised, potentially leading to significant financial loss or data loss. But what exactly is phishing, and how can you prevent it? Tyler McCollum, Director of IT at AppTech Payments Corp., explains this common cyberattack and some effective defenses.

What is Phishing?
Phishing is the term used to describe a method malicious actors use to trick people into handing over their login credentials. Think of it like “going fishing” for account details. Attackers make fake emails and login forms and send them out to many people, hoping that at least one or two of them will take the bait and try to log in with their real account details. These attacks are inexpensive to perform and are, therefore, very popular. When most people think of hacking, they think of genius programmers spending hours looking for complex ways to break into the target system. While there are cyber criminals who work in this way, social engineering attacks such as phishing are often used because they target the weakest link in any system: the users.

Five Ways to Protect Yourself from Phishing Attacks
Try the following strategies to protect yourself against phishing attacks:

  1. Choose strong passphrases
Most apps and websites have strict requirements for passwords. For example, they might demand a password that:
  • Is 12 or more characters long
  • Includes upper- and lower-case letters
  • Has at least 1 number and 1 unique character
Making a short password that meets those requirements is difficult. Using a passphrase, such as a song lyric or movie catchphrase, is relatively easy, and you can follow a consistent system to make it memorable. For example, “lif3islik3aboxofchocolat3s88!” is relatively easy to remember and hard for an attacker to brute force.
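The following is an added example, not part of the original article: a sign-up check that applies the sample policy from this tip, then screens for well-known phrases after undoing common character substitutions. Run on the sample passphrase above, it reports that the passphrase has no upper-case letter and reduces to a famous quote. The phrase list, substitution table, and function names are assumptions made for illustration.

```python
import re

# Constructed deny-list (assumption): a real deployment would load a much
# larger list of common phrases and previously breached passwords.
KNOWN_PHRASES = {"lifeislikeaboxofchocolates", "maytheforcebewithyou"}

# Common character substitutions that are undone before the lookup.
SUBSTITUTIONS = str.maketrans(
    {"3": "e", "0": "o", "1": "i", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def policy_failures(password):
    """Return the rules of the sample policy that the password breaks."""
    failures = []
    if len(password) < 12:
        failures.append("length")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("mixed case")
    if not re.search(r"\d", password):
        failures.append("number")
    # "Unique character" is read here as any non-alphanumeric character (assumption).
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("unique character")
    return failures


def matches_known_phrase(password):
    """True if the password contains a deny-listed phrase once substitutions are undone."""
    core = re.sub(r"[^a-z]", "", password.lower().translate(SUBSTITUTIONS))
    return any(phrase in core for phrase in KNOWN_PHRASES)


def review(password):
    """Combine both checks into one result for a sign-up form."""
    return {
        "policy_failures": policy_failures(password),
        "known_phrase": matches_known_phrase(password),
    }


if __name__ == "__main__":
    # First value is the article's sample; the second is constructed for contrast.
    for candidate in ("lif3islik3aboxofchocolat3s88!", "Otter7-velvet-quarry-lamp"):
        print(candidate, review(candidate))
```

A passphrase built from unrelated words passes both checks, while a quote with predictable substitutions is caught by the phrase lookup even though it is long.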

  2. Don’t re-use your passphrases
Many cyber attackers will try credentials gained from one website on many other websites, hoping for a match. This makes password re-use incredibly dangerous. Users often fall victim to the temptation to re-use passwords because strict password policies make it hard for them to remember all of the login credentials they need to use on a daily basis. If you find it hard to keep passphrases in your head, even after following the first tip, consider using a password manager to help you securely keep track of the passphrases you use on each site. Using unique passwords helps reduce the risk of a minor security breach becoming a catastrophe. Even if you’re diligent about avoiding phishing attacks, if you use the same password for lots of different cloud services and one of those services experiences a data breach, your passphrase could be leaked.

  3. Use Multi-Factor Authentication (MFA)
MFA adds an additional layer of security by requiring users to authenticate themselves via a second method after entering their username and password. Tyler McCollum, Director of IT at AppTech Payments Corp., emphasizes the importance of using MFA to ensure optimum security. Even if an attacker gains access to a username and password, if they don’t have the authenticator key or access to the email address used as the second authentication factor, they won’t be able to breach the account.

  4. Never click links in unsolicited emails
The most basic form of phishing involves sending unsolicited emails with a link for the user to click. These emails often create a sense of urgency. For example, “warning: your bank account will be disabled if you don’t provide this information within 7 days.” Never click a link in an email, unless you were expecting that mail.

  5. Trust your instincts
Not all phishing attacks are bulk emails. Some criminals engage in highly targeted attacks known as spear phishing, where they’ll tailor emails or messages to the target, making them more tempting to click. If you receive a message and something doesn’t feel right, trust your instincts. Verify the message using a different communication method. For example, log in to your bank’s app or contact the individual using their email or a phone number you have for them. If a login form looks “off,” perhaps because it uses a font you don’t recognize or your browser showed an error before it loaded, leave the site, open a new window, and type the address manually.

Don’t be a phishing victim. The above are just a few tips for how to avoid being phished. There are many other things you can do to avoid phishing scams. If you get into the habit of using strong passphrases and exercising caution when logging in to new services, you’ll be far less likely to fall victim to these scams.
