In this article I am going to describe what to do to avoid the risks of phishing emails.
Personal Contacts
The most significant risk to consider is your friends, relatives and associates.
While you may take your responsibilities to protect yourself seriously, your contacts may not hold the same values and priorities.
Helping them to appreciate your own priorities and concerns can go a long way to managing their expectations for how you might respond to their online activities.
Ask them not to include you in their mass circulation emails (round robins, latest funnies or heart string stories).
This will help to prepare them for the inevitable: if they ignore your request, you may need to block their address from your inbox.
As the saying goes, who needs enemies with friends like that? Mass circulation emails are some of the worst for getting your email address about and "skimmed" by online robots for nasty purposes.
Curiosity
Curiosity killed the cat - and it will snag you as well if you let it.
Curiosity is basic human nature and is used by many scammers to lure you into opening emails that lead to hell.
These might be strange subject lines, empty subject lines or even sensational subject lines.
Sensational tricks might be "You've just won thousands of pounds but you must claim within the next few minutes or lose it" or offer the chance to view something sexually explicit before it gets deleted.
One I saw recently had a subject header suggesting a parcel that had been dispatched to me could not be delivered and would be returned to sender unless I contacted them to provide an alternative delivery address.
I was not expecting any parcel and I had never given that email address to anyone from that part of the world.
It was added as a blocked address to one of my filters and then deleted - unopened.
Make it a policy to treat everything curious, blank or sensational as dangerous and delete it without opening it (or at the very least quarantine it somewhere until you can verify by alternative means that the email was intended).
Fear Scams
The same goes for fear.
Phishing scams love to generate a state of panic in the recipient.
Human nature tends to be less rational when panic sets in. These emails might use tricks like claiming your account has gone overdrawn, been shut down or been seized/frozen/breached/violated/hacked/infiltrated. They come pretending to be your friend to help you in this disaster they've just alerted you to.
To inflame your state of panic they may even suggest that you have a very limited time to deal with this before your account will be deleted/frozen/seized.
There might be threats like "as you have failed to respond to all previous attempts to contact you and final warnings have been ignored, you will be charged if you do not resolve this outstanding debt before 4pm today".
Another - "Your personal details may have been stolen/illegally accessed - please use the link below to reset your password".
All are specifically tailored to panic you into doing something rash, like replying to the sender, telling them who you are and handing over personal information (to help them verify who you are - actually to help them steal your identity), and getting you to hand over your account details and passwords.
If you receive an email that conjures fear and horror and panic then the first thing to do is distrust it.
What genuine organisation would do business by inspiring fear and panic through unexpected communications? More importantly, you should NEVER, EVER use the email links offered to contact your bank, lender, whoever. Always use the contact details provided by the subscribed organisation (such as the customer contact number on your credit/debit card itself or welcome letter when you first joined) to make contact and verify if the reported threat is real.
Copy Cats
Another trick (not restricted to email phishing) is to present a web page that looks anywhere from similar - to identical - to the real one but is actually false.
This is trying to lull you into a false sense of security that you are accessing the real thing.
Suppose you bank online and don't know the phone number. This trick can be protected against by developing certain habits online. Make a habit of comparing the web address in your usual link/favourite with the one along the bottom of the browser window.
If they are different be suspicious.
If you do this as a habit then you will be more likely to notice if it suddenly has changed or looks odd or incomplete or spelt wrong or is a different length.
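The same comparison can be automated. The following Python sketch is an added example, not part of the original article: it compares the hostname of a saved favourite with the hostname of the address being shown and reports the differences described above (changed, spelt wrong, different length). The function names and the `.example` addresses are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname of a URL ('' if none). Anything before '@' is ignored."""
    return (urlsplit(url).hostname or "").lower()

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def compare_with_bookmark(bookmark_url, shown_url):
    """Return (verdict, reasons) for the shown address versus the saved one."""
    saved, shown = host_of(bookmark_url), host_of(shown_url)
    if not saved or not shown:
        return "suspicious", ["address has no hostname to compare"]
    if saved == shown:
        return "match", []
    reasons = [f"hostname differs: saved {saved!r}, shown {shown!r}"]
    if len(saved) != len(shown):
        reasons.append(f"different length ({len(saved)} vs {len(shown)})")
    distance = edit_distance(saved, shown)
    if distance <= 2:
        reasons.append(f"looks like a misspelling ({distance} character edits)")
    if saved in shown:
        reasons.append("saved name is embedded in a longer, different hostname")
    return "suspicious", reasons

if __name__ == "__main__":
    # Constructed sample addresses (reserved .example names, not real sites).
    bookmark = "https://online.mybank.example/login"
    for shown in [
        "https://online.mybank.example/accounts",
        "https://online.mybnak.example/login",
        "https://online.mybak.example/login",
        "https://online.mybank.example.verify.example/login",
        "https://online.mybank.example@verify.example/login",
    ]:
        verdict, reasons = compare_with_bookmark(bookmark, shown)
        print(f"{verdict:10} {shown}")
        for reason in reasons:
            print(f"           - {reason}")
```

Only an exact hostname match is treated as the real site; every other outcome is a prompt to stop and verify by another route.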
In the long run these strategies will be more robust than simply changing your email address.
That approach will never help you to become alert to when that next email address becomes the target of a phishing attack. Thanks to your "friends" and contacts it is only a matter of time before you start receiving phishing attacks on that email address as well.