In the past two weeks, a scary trend has started to emerge: Sophisticated phishing scams that resemble the sites and services they mimic so well, it's hard to spot a fake. With recent targets including Netflix and Gmail — which are so widely used — you can't help but wonder what might be next. LinkedIn? Facebook? Instagram?
Of course, hacking is nothing new, but it's been in the spotlight since the 2016 election. "Criminals are copycats," says Kenneth Geers, a senior research scientist at Comodo, a global cybersecurity company. "Everyone now knows that Hillary Clinton’s campaign was derailed by a phishing attack. So if John Podesta would fall for it, so would millions of other, less sophisticated users."
With this in mind, we've put together a security primer for identifying and safeguarding yourself against phishing scams. The tips below aren't guaranteed to protect you — nothing is. But if you follow them and approach your online use, especially on email, with vigilance, you'll be in far better digital shape.
AdvertisementADVERTISEMENT
Spot An Email Scam
You probably already know not to open an unusual looking attachment or a link from an unknown sender. But, as proven in both the Netflix and Gmail scams, these links and attachments can appear to come from your own contacts, or from services you subscribe to. This is known as spear phishing, says Gary Davis, the chief consumer security evangelist at Intel Security. According to Davis, most phishing emails will be opened less than five minutes after they were sent.
So, what can you look for to avoid falling victim to these emails?
Whenever you get an email that isn't part of an exchange you initiated (or were expecting), be on alert. "Examine all web and email addresses to see if anything is misspelled or suspicious," Geers says. "Be wary of anything suggesting that you must take a certain action, especially with any kind of urgency. Be suspicious of anything asking you to approve a software download or installation, or asking you for personal data, financial information, or a password."
If it's a message from your bank or another site you use regularly, reach out to them directly — not as a reply to the suspicious email — to ensure the message was truly sent by them, Davis says.
Take Extra Caution On Social Media
We're used to granting Facebook all sorts of permissions, often without thinking twice. But keep in mind that hackers know this, and will try to take advantage of it. "Criminals know you are much more likely to click on a link or attachment [on social media]," Geers says. "The reason is that the communication has come from within your trusted circle, which you have personally approved over time. Statistics show that social media users assume that if they receive anything there, it must be okay." Apply the same caution you do to opening attachments and clicking on links in email to your social accounts.
We're used to granting Facebook all sorts of permissions, often without thinking twice. But keep in mind that hackers know this, and will try to take advantage of it. "Criminals know you are much more likely to click on a link or attachment [on social media]," Geers says. "The reason is that the communication has come from within your trusted circle, which you have personally approved over time. Statistics show that social media users assume that if they receive anything there, it must be okay." Apply the same caution you do to opening attachments and clicking on links in email to your social accounts.
AdvertisementADVERTISEMENT
Look For HTTPS
HTTPS is more secure that the HTTP that precedes most website addresses, since it encrypts the data you send. It can be easy to forget to look for this every time you go to a site, but you can install an extension called HTTPS:// Everywhere that will ensure a site loads as HTTPS.
Strengthen Your Password
The stronger your password, the better your defense. Research shows that most people still opt for "123456" as their password, which may be easy to remember, but is also incredibly easy for a hacker to guess. Instead, create a longer password (experts recommend using 12 characters) with upper and lower case letters, numbers, and characters such as exclamation points or question marks. And, since you should have a different password for each of your accounts, use a secure password manager to store them in one place. Popular ones include LastPass and Norton Identity Safe. Also, be sure to opt for two-factor identification on all of your accounts, which adds an extra layer to the log-in process.
The stronger your password, the better your defense. Research shows that most people still opt for "123456" as their password, which may be easy to remember, but is also incredibly easy for a hacker to guess. Instead, create a longer password (experts recommend using 12 characters) with upper and lower case letters, numbers, and characters such as exclamation points or question marks. And, since you should have a different password for each of your accounts, use a secure password manager to store them in one place. Popular ones include LastPass and Norton Identity Safe. Also, be sure to opt for two-factor identification on all of your accounts, which adds an extra layer to the log-in process.
Update Your Phone
Yes, downloading the new iOS requires shutting down your phone, but it's worth it. Most operating system updates include bug fixes that can help keep you safe in the long-run. Davis also advises updating apps and using antivirus software, such as those offered by McAfee and Kaspersky.
Yes, downloading the new iOS requires shutting down your phone, but it's worth it. Most operating system updates include bug fixes that can help keep you safe in the long-run. Davis also advises updating apps and using antivirus software, such as those offered by McAfee and Kaspersky.
Above All, Use Common Sense
"Be suspicious of everything, and learn the power of no," Geers says. When it comes to online security, there's no such thing as being too careful.
"Be suspicious of everything, and learn the power of no," Geers says. When it comes to online security, there's no such thing as being too careful.