Imagine this: your phone or laptop beeps, and an email from your bank pops up in your inbox. You open it up, and it looks like official correspondence, except that it’s asking you to update your credit card details by typing them into a website that pops up when you click on the link. Do you go ahead and do what it says?
If you answered “yes,” then, congratulations. You’ve just been had by a phishing scam.
Phishing is an attempt to obtain sensitive information, such as passwords and credit card authentication codes, by mimicking a trustworthy entity, such as a bank, in electronic communication. As with its homonym, fishing, this disguise serves as the bait with which malicious entities hook their victims. It usually occurs online, through email, instant messaging, or fraudulent websites. You might recognize it in its most common forms, such as:
1. Social engineering.
Do you like to take those Facebook quizzes that tell you which Korean hottie you’re meant to be with or who you were in a past life? (Seriously?)
Sure, they might seem harmless and perhaps even fun, but if they require you to log in with your Facebook account before you can get your results, you’re inadvertently providing access to personal information on your profile, which can be used to engineer your password, among other things.
2. File attachments.
Malicious software or malware could be sent to you in the form of file attachments in an email or an instant message. The moment you open it, the hidden malware could install itself on your phone or computer.
The intruding software can now mine your device for personal information, and its sender can retrieve that data whenever you go online. Such files typically come from strangers, but they can also come from someone you know, especially if their account has been hacked.
3. Phone phishing.
“CONGRATULATIONS! You’ve just won PHP30 million! Call this number to claim your prize!” Sound familiar? This is what you call a typical phone phishing scheme.
Phone phishing typically happens offline, and it can also manifest as someone calling and claiming to conduct a “security check” on behalf of your bank. Either way, the aim is to get your personal information so they can hack into your bank or social media accounts.
4. Fake websites.
A near-perfect replica of an entity’s official website pops up when you click the link in a phishing email that asks you to log in. Once you do, your username and password are no longer safe.
So, how do you defend yourself against phishing? Read on and find out:
1. Examine your emails carefully.
Shrewd as phishing emails can be, there are some red flags that should alert you to the fraudulent nature of their content. Check out our article on what to look out for.
2. Use 2-factor authentication whenever possible.
Some email servers and social media websites offer the option of sending an authentication code to your phone whenever you log in. This makes your data a lot more secure because hackers won’t be able to access it even if they have your password (unless they’ve also somehow managed to swipe your phone).
3. Don’t use the same password for all your accounts.
If a scammer were to guess correctly the first time around, just imagine how many of your online accounts would be fair game if you used the same password across the board.
If you’re bad at remembering passwords, you can use a keychain app that stores them for you, or vary your go-to password ever so slightly depending on the website or platform it’s for. For instance, if your go-to password is “Cookiesncream,” you can use “Cookiesncream4Google” on Gmail, “Cookiesncream4FB” on Facebook, and so on.
4. Never publish your sensitive information.
This includes your birthday, the name of your first pet, and your mom’s maiden name. Basically, if it’s an answer to one of your security questions, don’t post it online. It also helps if you don’t use any of this data to form your password, as it’s too obvious.
5. Never give your ATM PIN or password to anyone.
Your bank will never ask for this information. I repeat: YOUR BANK WILL NEVER ASK FOR THIS INFORMATION. You can pretty much ignore any email or caller requesting it.
Lastly, it always helps to take further precautions like continuously updating your accounts and spreading your money across different bank accounts in case one of them gets compromised. Mindfulness is crucial too. The digital age has certainly given us a lot of conveniences when it comes to handling our finances, but it shouldn’t make us complacent about security.