Today, phishing attacks are still going strong, although now in digital form. Read on to find out what a phishing attack is and how to protect your accounts from this common cyber threat.
How Does Phishing Work?
Phishing emails use manipulation to compel victims to reveal their information. They often convey a sense of urgency, informing the target that they’re in overdraft or that their credit card has been blocked. Alternatively, phishing emails describe too-good-to-be-true scenarios, such as winning a contest the victim never entered or getting an unusually high tax refund.
Typically, phishing emails contain a link that redirects the victim to a website. These websites attempt to replicate the sites the hackers are impersonating. The unsuspecting target is prompted to enter their login details or card details as usual. Unfortunately, this information then goes straight to the hackers, who can now take over accounts or perform banking operations in the victim’s name.
In an alternative version of phishing, the link doesn’t take the victim to a site. Instead, it downloads malware onto their computer. That malicious software then gives cyber criminals a backdoor to take control of the device or steal sensitive information.
How to Protect Yourself and Your Data
Know How to Spot a Phishing Attack
If you get an email from your bank, the government, or PayPal asking you to log into your account, don’t follow the links in that email. Instead, search for the relevant website in your search engine and log in that way. If you want to be extra sure, it’s a good idea to bookmark the websites of your bank and other important institutions for future reference.
Look also for warning signs in the email. Does it look different than normal? Is the greeting generic, without your name? Is the email address correct? Phishing emails are often sent from email addresses that are very similar to the actual ones, so they can easily be mistaken for the real thing at first glance.
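The sender-address check described above can be automated. The following Python sketch is an added example, not part of the original article; the allowlist, the look-alike character map and the function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allowlist: domains this user genuinely receives mail from.
TRUSTED = {"paypal.com", "irs.gov", "examplebank.com"}

# Illustrative (not exhaustive) look-alike characters mapped to the letter they imitate.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "а": "a", "е": "e", "о": "o", "р": "p", "і": "i"})

def skeleton(domain):
    """Reduce a domain to the form a reader's eye tends to see."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLE)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, trusted_domain_it_matches_or_resembles) for a From: header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not domain:
        return ("unparseable", None)
    for t in TRUSTED:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in sorted(TRUSTED):
        if (skeleton(domain) == skeleton(t)        # swapped characters (1 for l, rn for m)
                or edit_distance(domain, t) <= 1   # one typo away from the real domain
                or domain.startswith(t + ".")      # real name used as a subdomain label
                or ("." + t + ".") in domain):
            return ("lookalike", t)
    return ("unknown", None)
```

A "trusted" verdict only means the domain text matches the allowlist; the From: header itself can be forged, so the advice not to follow links in the email still applies.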
Set up Two-factor or Multi-factor Authentication (MFA)
The only action that can truly protect you from the consequences of a phishing attack is securing your accounts with two-factor or multi-factor authentication. Two-factor authentication adds another layer of security on top of a password. It combines something you know (password) with something you have (security key, your phone). This means that the hacker can’t simply log in from a new device just by knowing your password. They will still need to complete the second authentication step, which in most cases will be impossible.
There are various methods of authentication that can be used as the second verification step. It’s worth noting that an authentication app on your phone or a hardware security key are the preferred forms of verification. Hackers have been known to redirect a victim’s text messages to a different SIM card, so using texts as verification is generally discouraged by security experts.