In the last couple of weeks, a scary trend has started to emerge: Sophisticated phishing email scams that resemble the sites and services they mimic so well, it's hard to spot a fake. Just today, a Netflix scam is trending on Google. With recent targets including Netflix and Gmail, both so widely used, you can't help but wonder what might be next. LinkedIn? Facebook? Instagram?
Of course, hacking is nothing new, but it's been in the spotlight since the 2016 election. "Criminals are copycats," says Kenneth Geers, a senior research scientist at Comodo, a global cybersecurity company. "Everyone now knows that Hillary Clinton’s campaign was derailed by a phishing attack. So if John Podesta would fall for it, so would millions of other, less sophisticated users."
With this in mind, we've put together a security primer for identifying and safeguarding yourself against phishing scams. The tips below aren't guaranteed to protect you — nothing is. But if you follow them and approach your online use, especially on email, with vigilance, you'll be in far better digital shape.
Spot An Email Scam
You probably already know not to open an unusual-looking attachment or a link from an unknown sender. But, as proven in both the Netflix and Gmail scams, these links and attachments can appear to come from your own contacts, or from services you subscribe to. This is known as spear phishing, says Gary Davis, the chief consumer security evangelist at Intel Security. According to Davis, most phishing emails will be opened less than five minutes after they were sent.
So, what can you look for to avoid falling victim to these emails?
Whenever you get an email that isn't part of an exchange you initiated (or were expecting), be on alert. "Examine all web and email addresses to see if anything is misspelled or suspicious," Geers says. "Be wary of anything suggesting that you must take a certain action, especially with any kind of urgency. Be suspicious of anything asking you to approve a software download or installation, or asking you for personal data, financial information, or a password."
If it's a message from your bank or another site you use regularly, reach out to them directly — not as a reply to the suspicious email — to ensure the message was truly sent by them, Davis says.
Take Extra Caution On Social Media
We're used to granting Facebook all sorts of permissions, often without thinking twice. But keep in mind that hackers know this, and will try to take advantage of it.
"Criminals know you are much more likely to click on a link or attachment [on social media]," Geers says. "The reason is that the communication has come from within your trusted circle, which you have personally approved over time. Statistics show that social media users assume that if they receive anything there, it must be okay."
Apply the same caution to your social accounts that you apply to opening attachments and clicking on links in email.
Look For HTTPS
Strengthen Your Password
The stronger your password, the better your defense. Research shows that most people still opt for "123456" as their password, which may be easy to remember, but is also incredibly easy for a hacker to guess. Instead, create a longer password (experts recommend using 12 characters) with upper and lower case letters, numbers, and characters such as exclamation points or question marks.
Also, be sure to opt for two-factor authentication on all of your accounts, which adds an extra layer to the log-in process.
Update Your Phone
Yes, downloading the new iOS requires shutting down your phone, but it's worth it. Most operating system updates include bug fixes that can help keep you safe in the long run.
Above All, Use Common Sense
"Be suspicious of everything, and learn the power of no," Geers says. When it comes to online security, there's no such thing as being too careful.