How to Identify and Avoid Phishing Scams
Stop your email account and passwords from being hijacked by a total stranger
Chances are this has happened to you or someone you know before: You receive a strange email from a family member, friend, or colleague, and you realize that their email account has been compromised.
Millions of people every year have their email accounts hacked, and it's certainly not something you should take lightly. Don't deceive yourself into thinking there's nothing of value in your inbox; the truth is, we are living a large part of our lives via email.
The inbox has it all: photos; contracts; invoices; reset passwords for every other account; and even passwords or credit card PINs. Our emails are also interconnected to all our other digital accounts, from digital banking and social networks (LinkedIn, Twitter, Facebook, etc.), to cloud services (Google Drive, iCloud, Dropbox), online shops, and more.
A Powerful Method of Attack
Email is one of the most powerful attack methods in a cybercriminal’s arsenal, simply because so many people depend on their email in their day-to-day lives. What makes email so dangerous is the fact that these criminals can pretend to be someone or something else, such as your friend or your bank. These email attacks – often called phishing – work by tricking you into taking a particular action, such as handing over sensitive information like a password or credit card number, or downloading malicious software (called malware).
In addition to general phishing attacks, cybercriminals utilize a more targeted attack called spear phishing. This is a highly customized attack where only a few emails are sent to specific individuals within the organization. These emails can appear to be very realistic, often with a subject that is relevant to the victim's job, or appearing to have been sent by individuals that the victim will trust. Spear phishing attacks are harder to detect, but also require more work and more research by the cybercriminal.
Learn to Protect Yourself
In most cases, simply opening an email is safe. For most attacks to work, you must do something after reading the message, such as opening an attachment, clicking on a link, or responding to the request for more information.
So, to protect yourself fully from cybercrime, keep the following in mind:
- Set strong and unique passwords. This should be the first and foremost step undertaken. The two main characteristics of a good password are its strength and uniqueness. A strong password should be long enough (aim for at least 8 characters), and include upper- and lowercase letters, numbers and symbols. Don't use your name or nickname, your date or place of birth, nor the name of any of your family members or friends (pets included).
- Activate two-factor authentication. This is the second most important step you should take. It works as an extra protection layer, besides passwords. The second factor usually consists of a unique, time-sensitive passcode that you can only receive through your mobile phone or some other physical object that you have.
- Install a strong and reliable antivirus on all your devices and update it regularly, so that it keeps you safe against the newest generation of malware.
- Just because an email comes from a friend or someone you know does not mean the email is safe. Cybercriminals may have infected their computer. If you are suspicious about an email from someone you know, call the person to verify if it was truly sent by them.
- Be skeptical of any email that requires immediate action, creates a sense of urgency, or threatens to shut down your account.
- Be careful of attachments and only open attachments you are expecting. Cybercriminals can send you infected attachments that can potentially bypass your antivirus.
If you receive an email and you are not sure if it is an attack, contact your IT team. You are the last and most important layer of defense against phishing. Don’t be an easy target; do the basics.