With more people online than ever before, the internet has become even more susceptible to cyberattacks and online scams. Cyberthieves thrive on the lack of awareness of netizens so their actions often go unnoticed until it is too late. 

In this article, we touch on the most common online scam today, Phishing. We explain what constitutes phishing, how to identify it, and how to protect yourself against it. If you or your company are victims of phishing, we share useful tips to minimize the damage.

WHAT IS PHISHING?

Derived from the word “fish”, the name suggests an angler throwing a baited hook into the sea (phishing email) then waiting for someone to take the bait. Phishing is a type of online scam where victims are contacted by email, telephone or text messages by attackers posing as legitimate businesses or institutions. The attackers will try to trick a potential victim into entering personal information such as banking credentials, addresses or even passwords.

The information retrieved will be used to access important accounts or information which can result in identity theft and often, financial losses.

HOW TO IDENTIFY PHISHING EMAILS OR WEBSITES?

FIRST SIGN: IF IT’S TOO GOOD TO BE TRUE, IT’S TOO GOOD TO BE TRUE.

Lucrative offers or attractive statements are designed to entice people immediately. For example, do not open emails which state that you have won a luxurious prize.

SECOND SIGN: TAKE NOTE OF HYPERLINKS OR TYPOS SENT IN THE EMAIL OR WEBSITE.

Always hover over the URL to check the link that you will be directed to, most of the time, the links are manipulated in a way where it looks real at once glance. Take a look at this link, www.bankofarnerica.com – it does not look wrong at once glance right? However, the ‘m’ is actually an ‘r’ and an ‘n’.

THIRD SIGN: A REPUTABLE COMPANY NAME DOES NOT EQUATE TO TRUST.

Most phishing email senders will choose to impersonate a reputable company for credibility. For instance, an email from Netflix saying that your subscription has ended and to log in to your account to continue the subscription. Do not enter your details without checking with Netflix first!

HOW DO COMPANIES PROTECT THEMSELVES AGAINST PHISHING?

1. Ensure that your website is secured. Always opt for SSL certificates to be added to your website. SSL certificates allow secure connections from the webserver to the web browser.
2. Use secure passwords. Never use dictionary words as part of your password as it will be easier to hack the password! Make sure that your password contains special characters and are of more than 8 characters.
3. Open emails carefully. Hackers tend to embed malware into attachments or images, hence always scan the file first before downloading it!
4. Use secure website hosting services. Before engaging a hosting service, check that they offer a backup option as you might lose valuable information to a hacker.
5. Do not share your cPanel or CMS passwords. You never know who might leak your password to outsiders.

WHAT HAPPENS IF YOU OR YOUR COMPANY IS A VICTIM OF PHISHING?

Do not panic and follow these step-by-step precautionary actions in order to minimize the damage.

1. Change your password. As obvious as it sounds, change the password of the account that had been phished. If your passwords are the same across all accounts, do take the time to change all of them.
2. Contact the company that has been spoofed. Report the scam to the organisation and tell them you have taken the necessary precautions such as changing your password. Follow the instructions given by them to protect your account.
3. Alert your organization. This way the IT personnel in your company will be able to stop the spreading of the malware.
4. Run a security scan on your infected device. Running a security check can help identify or highlight any possible malware that has been injected into your system.
5. Be wary of any phishing attacks in future. Ensure that the incident will not happen again and caution will be taken when dealing with such attacks.