October is National Cybersecurity Awareness Month (NCSAM). The 2018 edition represents an important milestone for the occasion – the 15th anniversary of its original proclamation by the U.S. Department of Homeland Security and the National Cyber Security Alliance.
NCSAM is a great opportunity to brush up on your security practices and also learn new techniques that keep your identity and data safe from harm. While there are virtually endless tips and tricks you can take to heart in improving your personal cybersecurity, some of which involve the use of complex and specific technologies like virtual private networks, let’s keep it simple and focus on phishing.
Phishing is a rudimentary but highly effective cyberattack. Unlike more sophisticated attacks, it is difficult to stop with modern cybersecurity solutions because it exploits human weakness, namely the inclination to trust communications that seem legitimate. Over 90 percent of cyberattacks may begin with phishing.
Here are four steps you can take to reduce your exposure this NCSAM and beyond:
1. Be skeptical of emails with urgent subject lines or calls to action
There’s a common technique in some political campaigns of sending direct mail disguised as court summonses or other official documentation, to make a response more likely. Many phishing emails take essentially the same approach, only in digital form.
That is, they might use all-caps subject lines (e.g., “URGENT:”) to make it seem like action is required. It isn’t. Institutions like banks or government agencies often use conventional mail for some communiques, or structure their emails carefully to avoid scare tactics, often with a level of personalization that’s missing from mass phishing emails. If in doubt, do not engage.
2. Don’t click any link you’re unsure about
Links are the active ingredients of phishing emails, the components that actually make the scams work. After reading through the boilerplate text about how someone is leaving you an inheritance or you need to enter all of your bank account information on a strange website, you’ll likely be asked to click on something.
There are more gray areas in which a link might appear, too, like in an unsolicited social media message. If you’re not sure, don’t click. If you feel like the request might be legitimate, type the address into your browser yourself instead of clicking it. Better yet, to avoid typos, create favorites of your most important websites, including your bank’s if you use online banking services, that you can click or tap to ensure you reach the right destination.
3. Never send sensitive information over email or an unsecured website
Email is unavoidable for most people. It’s undoubtedly a quick and easy way to communicate, but it has major shortcomings in terms of its security. Any email that isn’t digitally signed and/or encrypted could have been tampered with, and it’s possible for messages to be intercepted and read, too.
Since email encryption is relatively complex, a more practical approach for most people is to avoid sending any really sensitive details over email at all, whether you’re being asked by someone you know or – especially – a stranger who may be scamming you. Moreover, always look for the HTTPS and padlock in your browser’s URL bar before filling out any forms; a common phishing tactic is to solicit sensitive information over unencrypted connections, such as plain HTTP websites.
4. Know the tell-tale signs of a phishing email
We’ve already discussed faux-urgency as a tip-off of a phishing email, but it’s hardly the only one. Others to look out for include:
- Grammatical mistakes.
- Including your email address in the subject line.
- No acknowledgement of your name.
- Requests to verify your account.
- Warnings that your account has been compromised.
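The signs above, together with the urgent subject line from step 1 and the plain-HTTP link from step 3, can be checked mechanically. The following is an added example, not part of the original article: the sample messages, the names and domains in them, and the keyword patterns are all constructed assumptions, and grammatical mistakes are left out because a simple pattern cannot detect them reliably.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail); all names and domains are made up.
PHISHY = """\
From: "Account Team" <support@bank.example>
To: jane.doe@mail.example
Subject: URGENT: jane.doe@mail.example action required

Dear customer,

We detected that your account has been compromised. Please verify your
account at http://bank.example/login within 24 hours.
"""
BENIGN = """\
From: "Book Club" <club@books.example>
To: jane.doe@mail.example
Subject: Minutes from Tuesday's meeting

Hi Jane,

Thanks for hosting. The notes are attached; we meet again on the 14th.
"""

# Heuristic patterns for the listed signs (assumed wording; tune for your own mail).
VERIFY = re.compile(r"\b(verify|confirm|validate)\b.{0,40}\baccount\b", re.I | re.S)
COMPROMISED = re.compile(r"\baccount\b.{0,60}\b(compromised|suspended|locked)\b", re.I | re.S)

def phishing_signs(raw, first_name):
    """Return the tell-tale signs found in one raw, single-part text message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    recipient = msg.get("To", "").strip().lower()
    body = msg.get_payload()
    greeting = (body.strip().splitlines() or [""])[0].lower()
    checks = [
        ("urgent subject", re.search(r"\b[A-Z]{4,}\b", subject)
            or re.search(r"urgent|action required", subject, re.I)),
        ("address in subject", recipient and recipient in subject.lower()),
        ("no name in greeting", first_name.lower() not in greeting),
        ("asks to verify account", VERIFY.search(body)),
        ("claims account compromised", COMPROMISED.search(body)),
        ("plain HTTP link", re.search(r"http://", body, re.I)),
    ]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    for label, raw in (("phishy", PHISHY), ("benign", BENIGN)):
        print(label, phishing_signs(raw, "Jane"))
```

A message that trips several of these checks deserves the skepticism described in steps 1 and 2; a single hit on its own is weak evidence.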
With this knowledge and the practices we’ve covered already, you can greatly reduce the risk of being a phishing victim. Total Defense is here to help with solutions for antivirus, backup and internet security. Take a look at our shop page to find out more.