How to prevent phishing

Phishing is a type of scam where the malicious actor (the phisher), attempts to trick individuals into revealing sensitive information. This information could be anything from usernames and passwords to other personal information. They are not hackers and use social engineering or other tricks to gain access to your account.

 

How to recognize it?

Recognizing phishing is the first step of prevention. Here are some tips:

1. Check the sender’s email

First, examine the sender's email carefully. Scammers frequently employ subtle alterations to mimic genuine email addresses, such as substituting a capital "i" for a lowercase "l." In some cases, scammers make minimal effort to conceal their deception, making it glaringly obvious. For instance, if you receive an email from blockrise@hotmail.com, it is crucial to recognize that this is a fraudulent email.

How to check the sender's email?

It's not always clear where to find the sender's email, so here's where to find it for the most commonly used email clients.

On desktop (laptop or computer)

• Microsoft Outlook: displayed at the top of the email and should be very easy to find.
• Gmail: at the top of the email, there's a little arrow pointing down. If you click that arrow, a pop-up will open with the full email address displayed.
• The mail app on Mac: click the sender's displayed name to open more details, the sender's email address will be displayed here.

On mobile

• Outlook app: tap the sender's name, and the email address will show directly beneath it.
• Gmail app: at the top of the email, there's a little arrow pointing down, right next to "to me". Tap the arrow and the full email address will be displayed right beneath.
• Mail for iOS: tap the sender's displayed name to open more details.

However, technically skilled phishers can change the sender's name and email address to match the company's email. So, this alone is not enough!

 

2. Check the URL

Phishing websites frequently employ domains that closely resemble legitimate ones but include minor alterations. It's essential to double-check the domain name for accurate spelling.

To confirm the domain you're currently on, you can take the following steps:

1. Look at the address bar in your web browser. This is where the URL of the website you are currently visiting is displayed.

2. Verify the domain name. Make sure that the domain name is spelled correctly and is the one you intended to visit. Be aware of variations in spelling or slight differences in the domain name, as this could indicate a phishing attempt.

3. Look for a padlock icon. If the website uses SSL encryption to secure the connection, you should see a padlock icon in the address bar. Click on the icon to see more information about the website's security.

Tip: save your favorite websites in your bookmarks for easy access.

 

How to prevent it

To safeguard yourself from phishing threats, follow these proactive measures:

1. Keep software up to date: Regularly update your operating system, web browser, and software to stay protected from vulnerabilities that phishers may exploit.

2. Use strong passwords: Create unique and robust passwords for each account. Consider using a trustworthy password manager for secure storage. Avoid common passwords like "123456" or "password," and refrain from using personal data like your name or birthdate in passwords.

3. Enable two-factor authentication (2FA): Enhance security by implementing 2FA, requiring an additional verification step such as a text message code or authentication app when accessing your accounts.

4. Exercise caution with unsolicited emails and messages: Be alert to unsolicited emails and messages, as phishing often begins with these. Verify any requests for personal information or unfamiliar website links. Beware of emails claiming you've won a prize; these are commonly used by phishers. If uncertain, contact customer support to validate the email's legitimacy. Stay vigilant to protect yourself from phishing scams.