Protecting Yourself Online
Everybody has probably heard of phishing, but not everyone may know just how it works and how to protect oneself from it.
What is phishing?
Phishing is a cybercrime that compels the victims to give out personal information, such as bank details or even social security numbers.
The most common form of phishing is through emails, which look like they have been sent from official organizations or people you might know. These emails are made to look extremely accurate in order to reduce your suspicion. The address on the incoming email may be only one letter or number different from the email of someone you correspond with frequently, therefore enticing you to open it right away. There will usually be a hyperlink or an attachment inside the email for the victim to click on.
However, phishing can be also come in other forms, such as social media messages, false invoices and phone calls.
How do I recognize phishing emails and messages?
Among the red flags to watch for:
- Grammar and spelling errors.
- Words in the title such as ‘Urgent’ or ‘Important’
- The email will not be personalized, i.e., the salutation will be a general one if there is one at all.
- The sender’s email looks official but it is false. For example, you might receive an email from Fedex saying that you have a package waiting. FedEx (see the difference?) does not send emails to customers unless you have a FedEx account. If you are not sure, check the official company website.
- The email sender is requesting personal information. No bank or government entity will ask you for personal information via email or text.
Oftentimes, these emails and texts will ask you to click on an attachment or link. Do not click on or open it. Even if you do not provide the information they are phishing you for, just one click can allow them to install spyware on your computer or phone that can be used to extract information without your knowledge.
Don’t click on anything you do not recognize and always closely examine the format of the address and any attachments. If you’re not sure, delete the message.
If you do get something purporting to be from your bank, for example, check with them through official channels, such as the chat feature on your password protected account site.
To avoid having to deal with this at all, set up your financial accounts with two-factor authentication. This is the process used by legitimate sites to verify that you are who you say you are. When two-factor authentication has been set up, the site will send you a message at login either by text, phone or email asking you to enter a code before you can proceed. Also, activate your spam filter and ONLY share personal information on secure websites.
Additionally, protect your privacy on social media:
- Use a strong password. Do not reuse the same passwords on different websites.
- Use strong privacy settings. Review your app and device settings to configure the strongest privacy controls. This will help to keep your personal information from being seen by strangers and reduce the opportunities for ‘phishers’ to target you.
- Don’t talk to strangers. Only accept friend requests from people you know in real life. If you decline or ignore a request from a scammer, they’ll just move on.
- Don’t overshare. Never list your home address, birth date or any other personal information.
- If an unusual message or ad pops up in your social media account, do not click on it. Remember, if a family member needs your help, they will contact you directly, not via a social media site.
- Report abuse. If someone is stalking or harassing you online, block that person and report it immediately to the site and to law enforcement.
In summary, online safety is all about common sense. Trust your instincts.
? Sources: VPN Overview, IDX