When was the last time you received a breath-taking e-mail announcing that you’ve won the lottery from among tens of thousands of people – even though you hadn’t filled out a form? Or a message from a credit card company that requires additional security information and asks you to enter a full card number? Or a threatening SMS with a link to an unknown website? You may have thought it looked suspicious, but you didn’t resist the temptation to click the link provided.
Congratulations – you too have fallen victim to phishing!
In case the concept is unfamiliar, phishing is a form of online deception that tricks people into providing their personal or financial information: from passwords and usernames to IDs, bank account numbers, and credit cards. Most hackers who lack background, or who have gone through just a basic hacker course, often use this tactic in the first stage of a cyber attack.
With advanced technology and cyber techniques, phishing activities are becoming more sophisticated and are catching out quite a few people online.
Below, we’ve prepared a list of 10 common mistakes surfers tend to make innocently or without paying attention – so that you’ll know what not to do!
Mistake #1 – I got a free gift!
We all enjoy fantasizing about a sudden win that will make us happy, worry-free millionaires, and fix our lives. That’s exactly the expectation a hacker builds on, so be suspicious!
When you receive a winning email like this or a pop-up while surfing the net and are asked to open a link or fill in details, don’t be tempted. Chances are you stand to lose, not win something.
Mistake #2 – It’s from my bank!
Banks and credit card companies are among the companies hackers impersonate most often, and the reason is obvious.
Accessing your bank account and credit card is the easiest and quickest way to get to your money, unless you keep everything under wraps.
In most cases, the reason for the contact will be a security measure, a threat to close an account, or a technical malfunction, and a link will lead you to a site almost identical to the original site – except that it’s not. Once you enter your password and username on the fake site, you’ve provided the details to enable a real session – and soon you’ll notice strange activity in your account.
It’s important to remember that no reliable company – and certainly not a financial institution like a bank or credit card company that relies on this type of sensitive information – will send you a request for details via unsecured means such as e-mail. If you still want to verify the reliability of the information you received by e-mail, log on to the site independently or call the company’s customer service number.
Mistake #3 – But it’s so shiny!
You’ve received a particularly attractive offer in your spam folder. It may be a product, software, or service with amazing conditions, and all you have to do is click on a link attached to the email and enter your credit card details. You can already guess how this ends…
You can identify the email as suspicious by several signs:
- The sender is an unrecognized entity, so the message winds up in your Spam folder.
- The message uses a generic greeting and doesn’t address you by your first name.
- A link to an external site is attached to the email.
- The offer by email is too good to be true.
- The email contains spelling or grammatical errors.
So if you encounter such an e-mail characterized by one or more of the above parameters, delete it right away and don’t click on the attached link!
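The checklist above can be partly automated. The following is an added example, not part of the original article: it tests a plain-text message for three of the five signs (unrecognized sender, generic greeting, external link), while spelling errors and "too good to be true" offers remain a human judgment. The sample message, the address book and the reading of "external" as "outside the sender's own domain" are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every name, address and domain here is made up.
SAMPLE = """\
From: Prize Center <winner@promo-deals.example>
To: dana@mail.example
Subject: Exclusive offer

Dear customer,

You have been selected for a free upgrade. Confirm your card here:
http://secure-billing.example/confirm
"""

KNOWN_SENDERS = {"alice@mail.example"}  # assumed address book
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|member|client|sir|madam)\b",
                     re.I | re.M)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def warning_signs(raw, first_name, known_senders=KNOWN_SENDERS):
    """List which of the section's warning signs a plain-text message shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    signs = []
    if sender not in known_senders:
        signs.append("unrecognized sender")
    # Generic salutation, or the recipient's first name appears nowhere in the body.
    if GENERIC.search(body) or first_name.lower() not in body.lower():
        signs.append("generic greeting")
    # Assumption: "external" means a link host outside the sender's own domain.
    domain = sender.rpartition("@")[2]
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    external = sorted(h for h in hosts
                      if h and h != domain and not h.endswith("." + domain))
    if external:
        signs.append("external link: " + ", ".join(external))
    return signs

if __name__ == "__main__":
    print(warning_signs(SAMPLE, "Dana"))
```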
Mistake #4 – It looks real!
You’ve landed on a site via a link or auto-completion in a browser? Pay attention to the URL of the site.
Fake sites are designed to resemble an original site as much as possible and will be really close, or even identical in design to the source site. The only difference that cannot be copied is the site’s unique URL.
Take, for example, the following URLs for a fake and an original site:
Original site: www.facebook.com
Fake site: www.facebook.ar.com
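Why the second address is not Facebook's becomes clear when the host name is read from right to left: it belongs to ar.com, and "facebook" is only a label placed in front of it. The following added example (not from the original article) applies that check to the two URLs above and to two related tricks; the allowlist and the three verdict names are assumptions.

```python
from urllib.parse import urlsplit

TRUSTED = {"facebook.com"}  # assumed allowlist: domains you actually hold accounts with

def classify(url, trusted=TRUSTED):
    """Return (verdict, host): verdict is 'trusted', 'lookalike' or 'unknown'."""
    if "://" not in url:
        url = "http://" + url   # bare "www.example.com" needs a scheme to parse as a host
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    for domain in trusted:
        # Trusted only if the host IS the domain or a subdomain of it (read right to left).
        if host == domain or host.endswith("." + domain):
            return "trusted", host
    # The brand name appearing anywhere else in the authority part (extra labels,
    # or text before an "@") is imitation, not ownership.
    brands = {d.split(".")[0] for d in trusted}
    if any(b in parts.netloc.lower() for b in brands):
        return "lookalike", host
    return "unknown", host

if __name__ == "__main__":
    for u in ("www.facebook.com", "www.facebook.ar.com",
              "https://www.facebook.com@login.example/"):
        print(u, "->", classify(u))
```

The third sample shows that text before an "@" in a URL is not the host at all; the browser connects to whatever follows it.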
In many browsers—specifically, Internet Explorer 7, Internet Explorer 8, Google Chrome, Opera 9.5, Mozilla Firefox 3.5, Safari 3.2, and the more advanced versions of these browsers—when a site is suspected of being a phishing site, the URL bar appears on a red or yellow background.
In such a case, notify the company’s security team in order to prevent the mass disclosure of details.
Mistake #5 – It’s just a customer service call.
You’ve received a phone call from an unknown number and the caller identifies himself or herself as “customer service” from a famous company, trying to get personal information or credit information for whatever reason. Don’t do it, even if the person tries to convince you of special circumstances.
A more sophisticated form of phone phishing is an offer to help solve a computer problem or to sell a software license. Once they’ve acquired your trust, you will be asked for a password and a username to install software through a website, which will give the hacker full access to your information.
In any event, if you were interested in the product or service, you would already have contacted the company’s official customer service center and requested the information yourself. And since that channel is reliable, they would gladly sell it to you!
Mistake #6 – Let’s find out what this is!
It’s known that our most devoted friend, and the one that spends most of the day with us, is none other than our mobile device, the ultimate BFF! The one who wakes us up in the morning and goes to bed with us at night. It’s not surprising then that phishing on mobile devices is one of the most effective online attacks, because who doesn’t open an SMS as soon as it arrives, as opposed to the lower-urgency e-mail waiting in the inbox?
For this reason, the degree of danger increases exponentially, and you should be much more suspicious of SMS messages from an unidentified number that ask you to click on a link to one site or another, for the same reasons already mentioned.
An example of this might be: “Your card received a transaction on 08/25 for $300,” along with a shortened link, supposedly from the credit card company, to view the order. However, no such transaction was carried out; it’s a phishing message that simply aims to get the victim to click on the attached link.
Usually when you open links of this kind on your mobile device, the device itself triggers an alert message warning you that your data will be exposed and that you bear sole responsibility for any personal damage and loss of data. Don’t ignore it!
Mistake #7 – It has my name on it. Must be for me.
There are times when the hacker will choose to conduct targeted activity for various reasons and will address victims by their first name in a private message on a social network that allows any user to be contacted without permission. Here too curiosity is what leads to trouble; the reasons the hacker gives can change at any time and be very creative.
A classic example of this message: “Lol I saw a picture on Facebook that looks like a profile picture you have now. Is this your picture by chance?”
Of course, the message is accompanied by your name at the beginning and a link below, which, when clicked, asks you to enter your Facebook email and password on a fake site created to steal these details.
As with other common mistakes, do not open links from sources you don’t know, or enter your user details. You should also choose to block people who are not your friends on the network from sending messages to you.
Mistake #8 – A password I won’t forget!
Each of us has a great deal of sensitive data on our personal computer and accounts on dozens of sites across the web that hold sensitive and personal information: e-mail accounts, bank accounts, credit cards, Facebook profiles, Twitter, PayPal, and many more.
Each of these accounts requires a password and user name or e-mail address, forcing you to generate multiple passwords and making it difficult to keep track of all the data.
Therefore, many users avoid the headache by creating a single password for all their accounts, and in doing so are not very creative, making do with passwords such as birthdates or the names of their children. This information is easily found on social networks and through a quick search on Google.
So despite the inconvenience, it’s important to maintain a varied password pool, with strong passwords that have combinations of letters, digits, and numbers.
Mistake #9 – It’s just a USB.
Any external drive that goes into your computer can house dangers as well. Note where you got the USB and whether the person who brought it to you is reliable.
To protect your computer from any possible external risk, we recommend that you install firewall and anti-virus software that create a buffer between the computer and any external device that wants to access it.
Personal firewall – Software that filters the information coming into and going out of a single computer over the Internet.
Network firewall – A program that usually runs on a network computer; it connects two or more networks and filters all the incoming and outgoing information between the connected networks.
Anti-virus software – A program that scans the computer in real time whenever it is running and detects dangerous activity or factors, preventing penetration of the system. Besides performing ongoing scans, anti-virus software scans software to be installed as well as incoming and outgoing mail, and also performs user-prompted security scans.
Combining firewalls and anti-viruses greatly increases network security against hackers and external risk factors, allowing you to browse and install software more safely and conveniently.
Mistake #10 – Great! Free Wi-Fi!
Who among us wouldn’t jump at the opportunity to access a free Wi-Fi network? It’s faster, allows for downloading heavy software, and most importantly – it’s free! What most of us tend to forget or are simply unaware of is that not all network surfers are innocent, and unsecured Wi-Fi networks open the gateways to phishing attacks.
These Wi-Fi networks are common at airports and don’t require a password and username. The network name may be unrecognized or similar to the official network name. The victim’s personal information is intercepted through the Wi-Fi network and the data is copied to the hacker’s computer. Next, the information is rerouted to the real wireless network and business continues as usual, making the hack difficult to discover until it’s too late.
In this case, you may not notice actual phishing activity for an indefinite period of time. Therefore, it’s important to stay away from such networks and browse over your own mobile connection, even if it costs a little more. And if you’ve connected to a network of this kind for any reason, never log in to sites that contain sensitive information such as a bank account, credit card number, or personal profiles.
In conclusion, phishing attacks can catch you unprepared at any given moment. So, be skeptical, alert, and attentive to situations and activity that can expose you or your confidential information to hostile parties. Don’t be the “next fish” to fall into the phishing net.