Protect yourself from getting phished

We originally published this post in the March 2024 edition of NCHENZ.

Emails, SMS and WhatsApp messages are a big part of our everyday lives. You use them for everything from keeping in touch with friends and family to getting work done.

Chances are you’ve received messages that aren’t always what they seem. They may look like the subscription you signed up for, or an email prompting you to change your password pronto by clicking on a link. And while some are easy to spot as scams, others are less obvious.

Hackers do this by crafting emails or messages that look like the real deal to trick you into believing that they’re from someone you know or trust. They lure you into opening attachments or clicking malicious links that download all sorts of nasties, or into giving up sensitive information like your personal details, credit card numbers, passwords and more.

It’s all part of an elaborate plot called social engineering that takes advantage of human behaviors for financial gain or malicious activities by creating a sense of urgency, curiosity or fear.

And phishing is one of the most popular social engineering techniques that often starts with perpetrators learning about you, your likes and habits, gaining your trust and striking when your guard’s down. To protect yourself from falling prey to fishy emails, here’s how you can identify a scam email or message in just under 60 seconds.

Spot a phishing email or message in 60 seconds

  • Are you expecting an email or message asking you to share your personal details like your credit card number or passwords?
  • Is it from a person or organization you personally know?
  • Do you recognize the contact details, email or website address?
  • Is the content perfectly composed, with no grammatical or spelling mistakes or strange-looking characters?
  • Have you been contacted in any other way asking you to do something urgently like changing your password or making a payment so that you aren’t locked out of your account?
  • Has anyone reached out to you letting you know that you need to download a document or click on a link?

If you answered ‘No’ to all or most of the questions, it’s likely to be a phishing email or message. Most services like Google do a good job of keeping the bad guys away, but once in a while a phishing message will sneak past defenses like email filters and land in your inbox, waiting for you to open or click on it.

Phishing emails and messages can be downright dangerous. Since they can infect your device with malware or harvest and steal your personal details, we’ve put together 12 simple pointers you can follow to safeguard yourself.

12 easy-to-follow tips to stop phishing emails or messages

  • Know your sender – If you see an email or message from someone you don’t know or aren’t expecting, don’t hit reply; delete it. Replying to an unknown email or message lets cybercrooks know that your phone number or email address is active.
  • Trust and verify – Even if you know the person or company sending the email or message, if your spidey senses are tingling it’s always a good idea to double-check by getting in touch with them directly over a phone call or visiting their website to contact them. Remember that hackers compromise accounts all the time.
  • Tell-tale signs – Companies have a habit of checking for spelling mistakes and grammar when sending out communications to their customers. If a message is filled with spelling or grammatical errors, it’s probably fraudulent.
  • Be wary of tempting offers – Cybercriminals are a savvy bunch and they often hide malicious links behind enticing offers. Hover over links to check if the website address is legitimate.
  • Know your files – Unsafe links aren’t the only thing to keep an eye out for. Organized cybergangs frequently send malware-ridden documents that steal your data or lock you out of your device. Only download or open attachments from trusted sources.
  • Getting to know you for all the wrong reasons – Companies have plenty of ways to verify who you are and asking for your password isn’t typically on the list. If you are being asked to provide your password, avoid it like the plague.
  • It’s an emergency – Hackers are betting that you’ll drop your armor in an emergency. And what better way than scaring you with having your access cut off if you don’t act immediately, or losing your money if you don’t log in right now. Pause, take a deep breath and get the facts. To contact the sender, use a phone number other than the one in the email, or visit the website by typing its address into your browser.
  • It just feels ‘wrong’ – Maybe the color on the logo is a shade darker or the message isn’t worded correctly. Sometimes things just don’t seem right. Trusting your gut is often the best defense.
  • Keep your devices up-to-date – Cybercrooks are always on the lookout for outdated apps or operating systems to exploit and install malware. Always update your apps and devices.
  • Install an antivirus/anti-malware app – On the off chance you download a file that’s infected with a virus, a reputable antivirus/anti-malware app is likely to detect and stop it dead in its tracks so that you don’t lose access to your data or device. Antivirus/anti-malware apps often come bundled with antispam and anti-phishing technology to weed out scam emails too.
  • Use multi-factor authentication (MFA) – Your login credentials are one of the most valuable pieces of information for attackers. Multi-factor authentication gives your digital accounts a boost by protecting them with an additional layer of security if a service you’re using is compromised.
  • If in doubt, trash it – If you’re ever unsure about the email, its contents, attachments or links, trash it. Don’t open it, forward it or save it. It’s better to be safe than sorry.

Wrap-up

Attackers are always on the prowl for the next opportunity. The best line of defense against cybercriminals is to be aware of the trickery and techniques they use to get access to your accounts, because the only way in is if you let them.

Stay safe and secure by getting into the habit of checking email and website addresses, links, attachments and content. Then supercharge your device and account security with multi-factor authentication, strong passwords, reputable antivirus/anti-malware software, and regular updates and upgrades.