
10 Ways to Protect Yourself from Phishing Attacks

Protect Yourself Against Phishing Attacks in 10 Steps
Phishing is a type of online attack where the perpetrator sends a message pretending to be someone else to get you to reveal sensitive information or install malicious software on your device.

It can be highly targeted, such as a voice call pretending to be technical support in a bid to get the boss to hand over their username and password. Bulk phishing, on the other hand, works by sending a generic message to many people, such as an email appearing to be from a major bank imploring the reader to log in and change their password.

Identity theft protection software can help protect you from phishing attempts and minimize the repercussions of falling for a phishing scam. Below, we detail some of the steps you can take to avoid being the victim of a phishing attack.

1. Don’t click on links in emails or instant messages

The most common form of phishing involves sending you a link in an email or social media message. The link may, at first glance, appear to come from someone you know, such as your credit card company. When you click on the link, you are either sent to a website that’s pretending to be your credit card company, or it links directly to malicious software, or malware, such as a virus.

Links in emails can easily be disguised to look genuine. Even prominent anti-scammer Jim Browning, who posts videos to YouTube where he exposes and locates scammers, fell foul of an email phishing scam that saw him temporarily delete his YouTube channel.

Instead of clicking on links in emails, visit websites directly by typing their URL into your browser’s address bar.

2. Always check the URL of the websites you visit

Another common technique used in phishing is to disguise a website to look like the real one, in the hopes you will enter your username and password. Instead of logging into your bank, for example, you’ll be sending your details to the scammer who can then attempt to use them to gain access to your accounts.

These phishing sites will often have URLs that closely mirror the original site they’re trying to mimic. For instance, if instead of heading to www.safebank.com you find yourself on www-safe-bank.com, it can be difficult to notice something is awry. 

Always double-check the URL of the websites you’re visiting, especially for websites that have sensitive personal information or involve financial transactions.
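The check described above can be automated for training or for a mail gateway. This is an added example, not code from the original article: it parses the link with Python's standard library, compares the real hostname against the domain you expect (the constructed safebank.com from the text), and separately flags links where the brand name appears somewhere in the URL even though the host is not the bank's. The sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit


def link_verdict(url: str, expected_domain: str) -> tuple[str, str]:
    """Classify a link against the domain it claims to point at.

    Returns (verdict, hostname) where verdict is one of:
      "trusted"   - the real hostname is expected_domain or a subdomain of it
      "lookalike" - the host is NOT trusted, but the brand name appears in the URL
      "other"     - the host is NOT trusted and the brand name does not appear
    """
    if "://" not in url:
        url = "http://" + url            # a bare 'www-safe-bank.com' still parses
    parts = urlsplit(url.strip())
    # urlsplit's hostname drops userinfo ('user@') and the port, so the host
    # compared here is the one the browser would actually connect to.
    host = (parts.hostname or "").lower()
    expected = expected_domain.lower().strip(".")
    if host == expected or host.endswith("." + expected):
        return "trusted", host
    brand = expected.split(".")[0]       # 'safebank' for 'safebank.com'
    # Compare on letters and digits only, so 'safe-bank', 'safe.bank' and
    # 'SafeBank' all count as the brand name being present.
    if brand in re.sub(r"[^a-z0-9]", "", url.lower()):
        return "lookalike", host
    return "other", host


# Constructed sample links: the article's legitimate host, its hyphenated
# lookalike, and two other ways the brand name can appear in an untrusted link.
SAMPLE_LINKS = [
    "https://www.safebank.com/login",
    "www-safe-bank.com/login",
    "https://www.safebank.com@evil.example/",
    "https://safebank.com.evil.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, host = link_verdict(link, "safebank.com")
        print(f"{verdict:9} host={host:28} {link}")
```

Only "trusted" links should be followed; "lookalike" is the case the article describes, where the familiar name is in the address but the site is not the bank's.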

3. Use anti-phishing software

Anti-phishing software, such as McAfee SiteAdvisor, Kaspersky Internet Security, and Google Safe Browsing, attempts to identify when a website, email, or other message is a phishing attempt. The software will alert you when you head to a fraudulent website masquerading as a legitimate site.

Anti-phishing software relies on a central database of phishing sites to be up-to-date and well maintained, so it’s not flawless. However, it can be a useful tool to use across a company to lower the chances of employees being tricked by fake websites.

4. Install antivirus software

The second stage of a phishing attempt is often to install a virus or malware on your computer. You click a nefarious link in an email, and the software is downloaded to your computer. If you run this software, it performs malicious acts such as recording all your keystrokes, sending screenshots of your desktop to the hacker, or allowing the hacker to take control of your computer remotely. 

Antivirus and anti-malware software is the answer to this problem. Microsoft Windows has built-in antivirus software called Microsoft Defender, but identity theft protection software like Aura includes antivirus, a password manager, and safe browsing protection, alongside identity theft and financial fraud protection. It also includes a VPN, or virtual private network, which you can use to automatically encrypt all data transmissions you make online, making Aura a more comprehensive solution that protects you on multiple fronts.

5. Use a password manager

Phishing attempts may start by trying to get your password for a relatively innocuous website. The criminals know that many people re-use passwords on multiple websites, so if they get your password for Facebook, for instance, they may have also just gotten the password you use for your banking or online shopping.

To combat this, you can use a password manager. This software will generate a different password for every site you visit, and all you need to do is remember a master password to log in to all sites. This way, even if a malicious actor gets one of your passwords through a phishing attempt or a data breach, the amount of damage they’ll be able to do is minimal.

6. Disable HTML emails

When you view emails in HTML format, you get to see all the images and rich formatting the sender used. This makes emails more visually appealing, but it has a downside. When you enable images, the sender of the email will be able to see the date and time you’ve opened their email.

Phishing scammers send thousands of phishing emails per day. They expect most of their emails to be filtered to a spam folder, never to be read. So, when they see that someone has read their email, they get confirmation that your email address is active and you’re willing to read the content they send you. This makes you a much bigger target for scammers, and they may begin to perform more targeted attacks.

Instead, leave HTML emails disabled and avoid viewing images in emails.
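To see what an HTML email would load if images were enabled, the message body can be scanned for remote images before viewing it. This is an added example, not code from the original article: it lists every image fetched from a remote server (inline and attached images load nothing remote) and flags the hidden one-pixel images that exist only to report the open time. The sample message is constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src would be fetched from a remote server."""

    def __init__(self):
        super().__init__()
        self.remote = []  # list of dicts: src, host, tracker (bool)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a["src"].strip() if "src" in a else ""
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            return  # data: and cid: images are local, nothing is reported back
        style = a.get("style", "").replace(" ", "").lower()
        # A remote image that cannot be seen has no purpose other than
        # telling the sender the message was opened.
        tracker = (
            a.get("width") in ("0", "1")
            or a.get("height") in ("0", "1")
            or "display:none" in style
        )
        self.remote.append({"src": src, "host": parts.hostname, "tracker": tracker})


def audit_remote_images(html: str) -> list:
    """Return the remote images an email client would fetch when images are enabled."""
    finder = RemoteImageFinder()
    finder.feed(html)
    finder.close()
    return finder.remote


# Constructed sample email: a visible logo, a hidden tracking pixel carrying a
# per-recipient token, and an attached image that loads nothing remote.
SAMPLE_EMAIL = """<html><body>
<p>Dear customer, your statement is ready.</p>
<img src="https://www-safe-bank.com/logo.png" width="200" height="60" alt="SafeBank">
<img src="https://track.example.net/open?id=CONSTRUCTED-TOKEN-123" width="1" height="1" style="display: none">
<img src="cid:attached-logo" width="100">
</body></html>"""

if __name__ == "__main__":
    for img in audit_remote_images(SAMPLE_EMAIL):
        label = "TRACKING PIXEL" if img["tracker"] else "remote image"
        print(f"{label:14} {img['host']:22} {img['src']}")
```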

7. Use a strong spam filter

Avoid seeing most phishing emails by using an email service with an excellent spam filter. Google’s Gmail has one of the best spam filters available today. If you use a good spam filter, virtually all phishing emails will be sent to your spam folder automatically, so you don’t need to deal with them at all.

Criminals constantly upgrade their tactics to get around spam filters, so it’s still possible that a phishing email will make its way into your email inbox. But spam filters can block the vast majority of phishing emails, saving you a lot of time sifting through them to find genuine communications.

8. Use multi-factor authentication on important apps

Multi-factor authentication means you can’t perform important transactions without first verifying them through a secondary system. For example, having set up multi-factor authentication on your bank account, you must authorize all transactions made through the online banking website. When you make a transaction online, you are required to enter a code that’s sent to your cell phone.

The power of multi-factor authentication is that even if your username and password are stolen online, the thief is unable to do anything damaging without also having access to your cell phone.

9. Have a company data security policy

The average cost of a data breach to a company has risen to $4.24 million. The Identity Theft Research Center (ITRC) reported a 68% increase in the number of data compromises between 2020 and 2021. It’s a serious problem for any company doing business online.

If it’s your job to protect against phishing attacks at your company, you need to institute a strong data security policy. Employees should be trained to recognize phishing attacks and be aware of the seriousness of the problem.

A strong security policy in your company means everyone only has access to the data they need to perform their duties. Anomalous user behavior and unexpected file access requests should automatically trigger alerts to IT staff. This reduces the damage a single data breach can have.

10. Review your bank account statements regularly

Even if you take every precaution, you could still be the victim of a phishing attack. Reviewing your bank account and credit card statements periodically means you’ll be alerted to any unexpected transactions on your accounts, allowing you to react quickly to get them rectified.

Identity monitoring software like Identity Guard can alert you when there is an anomaly regarding your data online, too, such as if a loan is taken out in your name or your passwords show up in online data leaks.

For more details on how identity theft protection works, read our ID theft protection guide. We’ve also put together a step-by-step guide on the most important steps to follow first if you think you’re a victim of identity theft.

Staying secure online

Identity theft online is a serious problem that continues to grow. You can help protect yourself from phishing attacks by always checking that the person you’re dealing with is really who they say they are. Double-check website URLs, and avoid clicking on links in emails or instant messaging.

A few software tools can help protect you from phishing and minimize the damage a phishing attack can have. Use anti-phishing software, a password manager, antivirus software, and an email client with a strong spam filter. 

Avoid revealing sensitive details over the phone or if you can’t be entirely certain of the identity of the person you’re dealing with. Use multi-factor authentication on important apps, and institute a data security policy across your organization to minimize the chance of data breaches. Finally, keep an eye on all your financial accounts so you can react quickly if you do fall victim to a phishing scam.

Richard Sutherland writes for Top10.com. With over 20 years' experience in web development, SEO, and marketing, Richard has worked with and developed software for huge brands like Samsung and Prudential Insurance. He has written for top tech websites, covering topics that include web hosting, consumer and business technology, and SaaS platforms.