“You’ve inherited a fortune. To transfer the money, I need your bank account credentials.” If you have ever stumbled across something like this, you need to continue reading.
According to Verizon’s 2022 Data Breach Investigations Report, 25% of all data breaches consistently involve phishing.
How does this happen? The fraudsters who are involved in phishing are some of the best content writers. They know how to create a sense of urgency to make you click on the notifications and get you to read the message.
A lot of users fall into their trap; they aren’t aware that they are being scammed. The few who are aware are often ill-equipped to deal with the situation. They also often suffer considerable damage that impacts their organization’s operations and reputation.
Here are 5 non-negotiable tips:
1. Learn to be proactive: It’s not necessarily “can I have your debit card password or one-time password?” Sometimes, it can be as simple as playing a voice message, downloading a random file, or opening an email. Unlike other frauds, you often don’t have enough time to think about your actions.
Even as we prepare to deal with familiar tactics and techniques, a new hole is dug. Losing everything in a fraction of a second is highly possible. The earlier you learn about the latest attack techniques, the more likely you are to prevent a prospective attack.
Two of the largest software companies in the world, Facebook and Google, also fell victim. They were scammed out of $123 million between 2013 and 2015 as a result of a fake invoice scam. They took legal action but were only able to recover half of the stolen money. This technique might sound cliché, but it’s definitely a tricky one!
2. Don’t click on anything and everything: We tap on everything as if we invented the internet. In fact, many of us are not even aware of what we click or accept. It is generally suggested not to click on links emailed by unknown senders, download files from unauthorized websites, or accept cookies.
An estimated 100 gigabytes of data from the movie company Sony Pictures was exposed in November 2014 by the illegal hacking group “Guardians of Peace”. Numerous senior Sony personnel, including CEO Michael Lynton, were revealed to have received phishing emails that appeared to be from Apple, according to Stuart McClure, CEO of computer security firm Cylance.
One takeaway from this is that if you are not aware of the source or the sender, just don’t open it. Just one wrong click can cause an unimaginable loss.
3. Change your password: “123456” is the most convenient password, I agree. However, passwords like this are easy for attackers to guess. We generally don’t change our password unless we forget our current one. If you have online accounts, you must get into the habit of regularly changing passwords.
If you think passwords are hard to remember, installing a password manager can be beneficial. Password managers create one-of-a-kind, highly secure passwords and store them in a secure location. In fact, some password management software can also automatically change the stored passwords for you.
What’s the purpose of doing all this? Simple, you don’t make yourself an easy target for attackers. Let them keep trying!
4. Don’t spill the beans: Some phishing attacks are well-thought-out, tricking your mind into believing it’s legitimate. The safeguard to practice immediately: Do not enter any sensitive information or download files from a website if the URL doesn’t begin with “https” or if you can’t see a closed padlock icon next to the URL.
It is also crucial to be aware of the boundaries of information sharing. Sharing certain sensitive information, like TOTP, PIN, or date of birth, can cost you dearly. No genuine site or organization would ask for such information.
The famous German logistics company, DHL, has taken the top spot in brand phishing attempts in 2022, according to a report published by Check Point. The users received emails with the subject line “Undelivered DHL (Parcel/Shipment)”.
The message tricked them into clicking on a malicious link, claiming that they needed to update their delivery address to receive the package. Obviously, the URL didn’t actually direct them to DHL’s website. Instead, it led them to a fake, attacker-controlled website with a form asking the victim to enter their name and password, which were then harvested by the crooks.
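The checks from tip 4 and the DHL case above can be written down as a small link triage routine. This is an added example, not part of the original article; it assumes `dhl.com` is the domain the reader expects, and every sample URL in it is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domain the recipient expects the sender to use.
EXPECTED_DOMAIN = "dhl.com"

def check_link(url, expected_domain=EXPECTED_DOMAIN):
    """Return the reasons a link should not be trusted (empty list = passes)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["URL cannot be parsed"]
    problems = []
    # hostname is the part the browser actually connects to, lowercased.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        # Text before '@' is login info, not the site being visited.
        problems.append("text before '@' hides the real host")
    # Match the exact domain or a true subdomain. The leading dot matters:
    # without it "notdhl.com" would be accepted.
    if not (host == expected_domain or host.endswith("." + expected_domain)):
        problems.append(f"host '{host}' is not under {expected_domain}")
    return problems

# Constructed sample links, as they might appear in a delivery notice.
SAMPLES = [
    "https://www.dhl.com/track",
    "http://www.dhl.com/track",
    "https://dhl.com.parcel-update.example/address",
    "https://dhl.com@parcel-update.example/address",
    "https://notdhl.com/address",
]

def triage(urls):
    """Map each URL to its list of problems."""
    return {u: check_link(u) for u in urls}

if __name__ == "__main__":
    for url, problems in triage(SAMPLES).items():
        print("OK    " if not problems else "REJECT", url, problems)
```

Three of the rejected samples use https and would show a padlock, which is why the host name has to be checked as well as the scheme.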
5. Install firewalls and get anti-phishing software: There is a plethora of anti-phishing software options available on the market. Read unbiased reviews from respected industry publications and install one. It will help you prevent malicious attacks on your computers and computer networks.
These are some of the most effective, yet simple things you can do. Bless your privacy by following these basic techniques!
ManageEngine provides a comprehensive suite of anti-phishing software that helps protect sensitive enterprise data from security breaches associated with cyberattacks. Check out our website to know more!