How to Protect Yourself Against Phishing Threats

It seems like someone is always out to steal your information nowadays. From spam emails to scammy texts to fake calls, people are bombarded by phishing threats from every avenue. And it can seem hard to protect your personal information when the attacks are hitting you from every angle.

However, it is possible to shore up your personal security. But first, we need to identify what phishing actually is, how it works, and the various types that occur. Then we’ll discuss some ways you can protect yourself against this ongoing threat.

What is Phishing?

Phishing is a practice where a malicious actor convinces you to do something under false pretenses. Typically, this involves you giving access to your personal information (whether knowingly or not) to someone who is pretending to be someone who they are not.

It’s a typical “bait and switch” scam where a scammer lies to get you to give up the goods and then will run off with your information. Often, these sorts of scammers are after credit card numbers, social security numbers, passwords, bank accounts, and so forth.

Phishing takes many forms but most often will see you clicking an unknown link, opening an attachment, or directly giving up personal information.

What is Phishing Attempting to Accomplish?

We’ve already discussed a couple of the reasons scammers use phishing, but there are actually a few more reasons to mention. Most often, those conducting a phishing attack are trying to:

• Steal your login credentials to take over your accounts

• Steal your social security number or bank account number

• Steal your identity

• Infect your phone or computer with malware so they can spam others using your accounts

So you know the “why,” but let’s now discuss the various types of phishing you need to be aware of.

Types of Phishing Attacks

There are likely more phishing attack methods than what follows, but these are the top offenders:

Email Phishing

In this type of attack, an email lands in your inbox and often prompts you to click a link, reply with some personal information, or open an attachment. Often, the sender’s email address will appear legit (or close to legit, especially if you’re not paying close attention).

Domain Spoofing

Related to the above, some malicious actors will use domain spoofing to try to make their email phishing scams appear more valid. They’ll use a real company’s domain name in their email address but just change a letter or something in hopes you won’t notice. So, instead of receiving an email from “[email protected]” you’ll get a message from “[email protected]”

Phone Phishing

Phishing attempts will hit your cell phone often, too. These scammers will call you and pretend they work for a legit company, or a legit-sounding company, and then try to weasel information out of you. Some might use an automated messaging system and request you enter numbers on the keypad. Still others will try to get you to call a specific phone number back.

SMS Phishing

Another way phishers get to you is through text messages. These SMS messages may request that you click a link, call back, or reply to the message with personal data.

Spear Phishing

Spear phishing is a phrase used to describe more targeted phishing attacks. These have been greatly personalized and are harder to spot as scams on first look. They might know your name, services you subscribe to, as well as job information, and so forth. Then they’ll impersonate a company to attempt to get in your good graces so you’ll let your guard down.

Website Phishing

Tons of phishing happens directly on websites, too. And often it takes the same form as it does in emails, calls, and texts. But there are a few distinct website phishing tactics you should be aware of, too.

Malware injection can make a totally trustworthy site be taken over by a scammer who will then steal form entries and personal information and redirect links. In some cases, this can go so far as a method called “pharming,” which involves all traffic from a legitimate website being directed to a phishing website. Or a URL could be hijacked wherein a visitor who makes a typo when inputting a real URL are directed to a site that mimics the real thing. Then if you’re not paying attention, you might mistakenly give away your personal information.

Another method is called “clickjacking,” which places a fake lead generation form on the site so it can capture personal information while visitors think they’re inputting info into a real form field.

How to Prevent and Protect Yourself from Phishing

With all the knowledge you’ve accumulated so far about the types of attacks you may face, now’s the time to put a plan of action into place to defend your personal information and ensure your data and systems are impervious to phishing attempts.

Here’s how you can protect yourself:

1. Keep Your Software Up-to-Date

This is step one for keeping your personal data secure. Always ensure your computer or phone’s operating system is up-to-date and that you download any bug fixes as soon as they become available.

2. Bolster Your Internet Security

Next, you need to make sure the way you’re engaging with the Internet is safe, too. And while you could be educated on recognizing all the signs of phishing, your personal information could still be at risk.

The simplest way to protect yourself online is to use some kind of internet security software to secure your browsing experience. This sort of software will typically include anti-spam features to protect your email account(s) and anti-malware features to protect your system from viruses, worms, and Trojan horses.

Your security software should also include a firewall to further protect your computer, software, and accounts from being hacked or otherwise compromised. This is especially beneficial as even if you download something shady on accident, the software will alert you to the fact it may be compromised.

A few popular security tools to consider include:

• Norton 360 Deluxe

• McAfee Total Protection

• Avast

• Bitdefender Premium Security

• Avira

3. Be Mindful of Who You’re Giving Sensitive Info To

This should go without saying, but you should always be careful about who you give your personal information too. Your bank is not going to ask for your account number or password via email. Nor is your tax accounting software ever going to text you for your social security number.

A little bit of common sense can go a long way in keeping your data safe.

4. Don’t Open Attachments

Here’s a general good rule of thumb to abide by: if you’re not expecting an email attachment from anybody, don’t open one you receive out of the blue. And if you must, email the sender (if you know them) in a new email message (don’t reply) to verify it is indeed them who sent the attachment.

5. Don’t Click Links

Another good rule to follow to protect your personal data and privacy is to avoid clicking on embedded links in emails. It’s a much better idea to go to the site’s URL directly (type it into your browser) and then navigate to the relevant page this way.

6. Create Public and Private Email Addresses

It’s also a good idea to create two email addresses for yourself – a public account and a private account. The public address should be used for signing up for anything that is public facing and/or might be one day compromised. Use it to sign up for online services, mailing lists, forums, and social media accounts.

Then create a separate address that always remains private. You should only use this address for contacting people you know personally or work with professionally.

7. Don’t Reply to Spam Messages

Another thing to keep in mind is that you should never respond to spam messages. While it might certainly be tempting to fire off a sarcastic response to phishing text or spam email, it’s a much better idea to just delete the message outright. Responding actually tells the scammer that the address is valid, ensuring you’ll receive even more messages in the future.

8. Use a Password Manager

Lastly, keeping your accounts protected will require in part that you have strong passwords. Unfortunately, strong passwords are super difficult to remember, which means using a password manager will be a must.

Set up might take you a bit of time, but once configured, your password manager can input your login information automatically, saving you a ton of time – while securing your peace of mind.

A few password managers worth considering include:

• LastPass

• DashLane

• 1Password

Start Protecting Yourself Today

When it comes to the security of your information, the sooner you lock it down, the better. It is our hope that by reviewing the materials presented here about the types of phishing threats, what to look for, and how to protect yourself, that you’ll be better prepared to spot those with malicious intent and keep your personal data safe for the long haul.

Frequently Asked Questions