Phishing Awareness
How to Spot and Avoid Cybercriminals' Most Common Attack
As part of Cybersecurity Awareness Month 2024, it's important to discuss one of the most prevalent and dangerous threats online: phishing. Phishing is a form of cyberattack where attackers attempt to deceive you into revealing personal information, such as passwords, credit card numbers, or other sensitive data. These attacks can take many forms, including emails, text messages, or fake websites designed to trick you into handing over your valuable information.
At The Firewall, our mission is to make cybersecurity easy to understand for everyone. In this article, we'll explain how phishing works, how to recognize it, and practical steps you can take to protect yourself from falling victim to this common but dangerous threat.
What Is Phishing?
Phishing is a method used by cybercriminals to steal sensitive information by pretending to be a trustworthy entity. Typically, phishing attacks come through email or text messages, where the attacker masquerades as a legitimate company, government agency, or even a person you know. The goal is to make you click on a link, download a malicious attachment, or input personal information on a fake website.
For example, you might receive an email that appears to be from your bank asking you to "verify your account details" by clicking a link. If you do, you may unknowingly give your login information to cybercriminals and allow them to access your account.
How to Recognize Phishing Attempts
Phishing emails or messages often have signs that can help you identify them as scams. Here’s what to watch out for:
1. Unfamiliar Sender or Email Address
Be wary of emails from addresses you don’t recognize, especially if they look suspicious. For example, an email claiming to be from your bank but using an address like “bank-security-alert@gmail.com” should raise red flags.
2. Urgent or Scary Language
Phishing messages often create a sense of urgency to pressure you into acting quickly. For example, you might see phrases like “Your account has been suspended” or “Respond within 24 hours or you’ll lose access.”
3. Suspicious Links
Before clicking a link in an email, hover your cursor over it, or long-press it, to see where it leads. If the link URL looks suspicious or doesn’t match the official website of the sender (e.g., “uba-security-alert.net” instead of “ubagroup.com”), don’t click it.
4. Spelling and Grammar Errors
Many phishing attempts contain typos or awkward language. Legitimate companies take care in their communications, so errors are often a sign that something is off.
5. Requests for Personal Information
Be highly cautious if an email asks you to provide personal information, such as your passwords or credit card details. Reputable companies will never ask for sensitive information via email or text message.
6. Too-Good-to-Be-True Offers
Phishing attacks often lure victims with unrealistic promises, such as winning a contest you never entered or receiving a large sum of money. As the saying goes, if it seems too good to be true, it probably is.
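The sender, link and urgent-language checks above can also be applied automatically. The following Python is an added example, not part of the original article; the function names, the phrase list and the sample message are constructed for illustration from the article's own example addresses, and "ubagroup.com" is assumed to be the official domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Phrases quoted in the article as typical pressure language.
URGENT_PHRASES = ("account has been suspended", "within 24 hours")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_matches(host, official_domain):
    """True only for the official domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == official_domain or host.endswith("." + official_domain)

def phishing_signs(raw_email, official_domain):
    """Return (sign, detail) pairs for the warning signs found in one message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    signs = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_matches(sender_domain, official_domain):
        signs.append(("sender", sender_domain))
    for href, shown_text in LINK_RE.findall(body):
        # The address in href is where the click goes; shown_text is only a label.
        real_host = urlparse(href).hostname
        if not host_matches(real_host, official_domain):
            signs.append(("link", f"shows {shown_text.strip()!r}, opens {real_host}"))
    for phrase in URGENT_PHRASES:
        if phrase in body.lower():
            signs.append(("urgency", phrase))
    return signs

# Constructed sample message built from the article's own examples.
SAMPLE = """\
From: Bank Security <bank-security-alert@gmail.com>
Subject: Action required
Content-Type: text/html

<p>Your account has been suspended. Respond within 24 hours or you'll lose access.</p>
<p><a href="http://uba-security-alert.net/login">https://ubagroup.com/verify</a></p>
"""

if __name__ == "__main__":
    for sign, detail in phishing_signs(SAMPLE, "ubagroup.com"):
        print(f"{sign}: {detail}")
```

The link check compares the whole host name against the official domain, so an address that merely contains the official name somewhere inside it is still flagged.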
What to Do If You Spot a Phishing Attempt
1. Don’t Click Any Links
If you receive a suspicious email, the first rule is not to click on any links or download any attachments. Doing so can lead you to a malicious website or cause harmful software (malware) to be installed on your device.
2. Verify the Sender
If you’re unsure whether an email is legitimate, contact the sender directly using information from their official website or app. For example, if you receive an email from your bank that seems suspicious, call them directly using the number on their official website to ask if the message is genuine.
3. Report Phishing
Most email services (Gmail, Outlook, etc.) allow you to report phishing attempts. This helps prevent others from falling for the same scam.
4. Delete the Email
Once you’ve verified that the message is a phishing attempt, delete it immediately.
What To Do If You’ve Been Phished
If you think you may have fallen for a phishing scam, take action immediately:
Change Your Passwords: If you entered your login details on a fake site, change your password for that account right away.
Enable 2FA: As an added layer of protection, enable two-factor authentication for your accounts.
Monitor Your Accounts: Keep a close eye on your financial and online accounts for any suspicious activity. If you notice anything unusual, report it to the service provider immediately.
Run an Antivirus Scan: Ensure that no malicious software was installed on your device by running a full antivirus scan.
The summary is this: not every piece of information should be freely shared, and not every link should be clicked!
This Cybersecurity Awareness Month 2024, let’s commit to being more aware, more cautious, and more proactive in safeguarding our personal information. Stay safe, stay secure, and continue to follow The Firewall for more practical tips on protecting yourself from cyber threats!



