Nearly everyone with a computer and access to the internet understands the basic concepts of cybersecurity. Odds are, you know that you should protect your passwords, change them regularly, and install antivirus software for an extra layer of defense. But what do you know about one of the most common forms of cybersecurity attacks? We’re talking specifically about phishing.

Phishing isn’t necessarily hacking in the traditional sense of the word. When someone is phishing, they’re looking to trick the user into giving something away. This could be anything – access to your computer, your passwords, or even money/gift cards sent directly to an address or email. They trick you by impersonating someone or something that you already trust. Sometimes this comes in the form of a fake email bearing the name of someone you know, a major brand you follow, or a service you use.

Often, we see phishing attacks in the form of an email impersonating a financial institution. The email tells you your information has been compromised and encourages you to click on a link to reset your password. That link opens a fake website, nearly identical to your actual financial institution’s, and if you enter your details there, you give the attackers all the information they need to get into your account. And this isn’t just banks – it can happen with any service you use online where you have a login and password.

Another technique seen frequently is an email from someone with whom you are familiar telling you to download an attached file or program directly to your computer. Once you download this file, you’ve opened a can of worms that can maliciously attack your information or system. You trusted the email, since it seemed to come from a known contact, but it was a hacker impersonating them with a fake email account.

More often than not, phishing is a tactic used to gather information from you. In this day and age, your personal information is a veritable gold mine. Attackers could take your documents and hold them for ransom (a ransomware attack), sell your info to the highest bidder for email lists, or perhaps even feed this information into complex algorithms to try to find your passwords for all your other accounts.

So what can you do to protect yourself? We’re going to go over 5 tips that you can implement right now to protect yourself.

  1. NEVER open or download attachments from senders you don’t know. If there is an attachment on an email, ALWAYS double check the sender’s information.
  2. Be wary of misspellings, strange phrasing, or common phishing language. Requests for money/gift cards, demands to reset your password now or verify your account, and a sender not using your full name are all red flags. Proceed with caution.
  3. Hover over any links in emails BEFORE clicking on them. The URL will show up in the bottom left of your screen as a preview, so you’ll be able to make sure https:// is at the beginning, and the URL is a trusted source.
  4. Create unique passwords for every account, and change them often. We know. This one is a pain in the neck, but it could save yours later!
  5. Install antivirus software. This is a final check before you download something, and can save you in a crunch if you accidentally grant a phisher access.
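
For readers who want to see tip 3 as a repeatable check, here is an added example (not part of the original post) that applies it to every link in an HTML email: is the target https, is the host one you trust, and does the visible link text name a different site than the real target. `TRUSTED_DOMAINS`, the `mybank.example` names and the sample email are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"mybank.example"}  # assumption: sites you really use

class LinkCollector(HTMLParser):
    """Collect (target URL, visible text) for each <a> in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def host_of(value):
    """Hostname of a URL or bare domain; None if the text is ordinary words."""
    if " " in value or "." not in value:
        return None
    return urlsplit(value if "://" in value else "//" + value).hostname

def check_link(href, text=""):
    """Return the red flags for one link (empty list means none found)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").rstrip(".")
    flags = [] if parts.scheme == "https" else ["not-https"]
    # Exact match or a real subdomain only; a trusted name used as a prefix
    # of some other domain does not count.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        flags.append("untrusted-host")
    shown = host_of(text)
    if shown and shown != host:
        flags.append("text-differs-from-target")
    return flags

def check_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

SAMPLE = (  # constructed sample email body, not from the original page
    '<a href="https://www.mybank.example/reset">Reset here</a>'
    '<a href="https://mybank.example.login.test/">www.mybank.example</a>'
    '<a href="http://www.mybank.example/reset">www.mybank.example</a>')
```

The second sample link begins with https:// and with the bank's name, yet it is flagged, because the part of the hostname that decides where you land is its end, not its beginning.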

Think you know your stuff? Try taking this phishing quiz to see if you can detect nefarious emails. When you start the quiz, you’ll need to create a name and email — neither needs to be real — to make the scenarios in the quiz seem more realistic. Don’t worry, this information won’t leave your device, and it can be entirely made up.

Let us know how you do… 

Please tell us you double-checked the link before clicking…

As always, if you have questions about phishing, hacking, or digital marketing in general, please reach out to us directly via email, phone, social media, or carrier pigeon. We are here to help you!