Black Friday and Cyber Monday, the two biggest shopping days of the year, is just around the corner and people are gearing up to snag great deals. Unfortunately, cyber criminals are gearing up too. They got tricks up their sleeves to maliciously exploit oblivious consumers. A strategy that is sure to be used in these shopping peak seasons is phishing.
Phishing is a fraudulent technique used by scammers and hackers to obtain sensitive information such as usernames, passwords, and credit card details online by impersonating a trustworthy entity. Here are the things you need to know about phishing and how to protect yourself against it.
Types of phishing email attacks
- Spear – directed at specific individuals or companies
- Clone – a legitimate and previously delivered email is duplicated and contents are replaced with malicious links and attachments
- Whaling – directed specifically at senior executives and other high-profile targets within businesses
Phishing emails typically ask you to
- Open an attachment
- Click on a link
- Enter personal information
What to do when you receive one
- If you received a deal from a website, go to their website first to see if such deal is binding. Don’t respond or click any link from the email as it might redirect you to a malicious site or download malware to your device that will steal your private information. Phishing sites can look like authentic websites. Don’t be fooled into entering your personal information or credit card details. Legitimate businesses don’t ask for this information via email. Proceed to typing the address for the site you wish to verify in your browser.
- There are instances where businesses really do send deals that is limited to their subscribers. This is difficult to confirm in the business’ site. In this case, hover over links in the email to see the address. The address shown in the email should match the address in the link. Furthermore, links attached to the images (if there are any) should be directed to the business’ website address.
- Take prompts such as “There is a problem with this website’s security certificate” or “This connection is untrusted.” seriously. This is a red flag. Close the browser window or tab and do not go back to that link.
- Other than malicious links and request for private information, be vigilant of other phishing email signs like poor grammar and spelling, pressure tactics, discussion of a confidential subject like income and incentives through threat or reward.
- Install a trusted security software and configure it to update automatically.
- If you do receive an email that appears to be from a business, you frequently deal with like banks and they threaten to close your account or take other action if you don’t reply to their email, really, just don’t. Proceed to calling the number found on your financial statements or the back of your credit card and verify such concern. Also, regularly review your credit card and bank account statements to check for unauthorized charges or any discrepancies.
- You can forward phishing emails to firstname.lastname@example.org or report it to email@example.com. You can also report it to the business being masqueraded.
Better be safe than sorry this holiday shopping season.