  • Ken Kleiner

5 ways to stop being phish food


Phishing (pronounced 'fishing') is where criminals attempt to steal our personal data - most often passwords and credit card information. No one wants to be a victim of a phishing attack. One of the most common questions we get from our clients is to confirm whether or not an email/text/telephone call is legitimate. There are five simple things you can do to avoid falling into one of the many traps engineered to trick you into sharing your sensitive information.

[1] CONFIRM DESTINATION OF EMBEDDED LINKS

We've all received emails of impending doom telling us how our cherished iTunes, Netflix, or credit cards will be suspended if we don't immediately update some sensitive information. CLICK HERE and be saved! My mom always said "look before you leap" and the same rule applies here. Confirm you are actually going where you think you are by carefully checking the spelling and the full destination. If it is one of those short bit.ly links, just don't click on it. There are a few different ways to confirm the destination, depending on the device on which we receive the message.

On a desktop computer, simply hover over the CLICK HERE link (move the mouse/trackpad until the pointer is over it). Your internet browser pops up the full destination at the bottom left corner of your screen. On a Mac with Safari, be sure to have VIEW/SHOW STATUS BAR enabled or you won't see the destination link appear. The same hovering trick works for links in emails. This is not foolproof, but it is a good quick check of where your link might be taking you.

For an iPhone or iPad, click and hold on the link. A popup will show you the full URL with options to Open, Add to Reading List, Copy and Share. On a newer device, be careful not to 3D Touch (where you press harder on your click), as that will automatically open the link in a pop-out window.

With your Android device, try selecting COPY URL from your long-press menu. Again, look at the URL to be sure it will be going to the destination you expect without odd characters or a shortened URL.
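The same checks can be automated for an HTML email body. The sketch below is an added example, not part of the original post: it extracts each link and flags shortened URLs, odd characters in the hostname, and visible text that names a different site than the real destination. The shortener list and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed starter list of link-shortener hosts, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
# Constructed sample email body (example.* hosts are placeholders).
SAMPLE = (
    '<p>Update now! <a href="http://bit.ly/x1">CLICK HERE</a></p>'
    '<p><a href="https://netflix.com.billing.example/login">www.netflix.com</a></p>'
    '<p><a href="https://www.example.org/help">Help</a></p>'
)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def check_link(text, href):
    """Return warnings for one link: the checks a reader does by eye."""
    warnings, host = [], host_of(href)
    if host in SHORTENERS:
        warnings.append("shortened URL hides the destination")
    if "xn--" in host or not host.isascii():
        warnings.append("odd characters in hostname")
    # If the visible text itself looks like an address, it must name the same host.
    looks_like_url = "." in text and " " not in text
    shown = host_of(text if "://" in text else "https://" + text) if looks_like_url else ""
    if shown and shown != host:
        warnings.append(f"text shows {shown} but link goes to {host}")
    return warnings

def audit(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href) for text, href in parser.links}
```

Calling `audit(SAMPLE)` returns a dictionary mapping each link to its warnings; an empty list means none of these checks fired, not that the link is safe.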

[2] DO NOT CLICK ON A LINK TO PROVIDE SENSITIVE INFORMATION

There is never a good time to click on a link from a message/email to go to sites like your banking site or your Apple ID. Smart criminals make their sites look virtually indistinguishable from the real ones. Take the time to initiate the connection yourself, whether the request came as a text, email, web link or even a telephone call.

[3] EMBEDDED FORMS IN EMAILS SHOULD BE AVOIDED

Have you ever had one of those email surveys sent to you where they ask a number of innocuous questions before they slip in some confidential ones as a way to follow up with you after? Your organization may send form-based emails to its staff, but before filling one out, be sure to confirm with someone at your work whether this particular request is valid. Even then, do not provide passwords or sensitive information. There is never a good time to share a secret.

[4] REVIEW PRIVACY POLICY

No one, especially me, likes to read the legal jargon that comes with some of the applications or sites we want to use. We need to anyway, at least to the point of understanding what they will do with the information they gather on you. We are being watched, and you don't need to go any further than doing some searching for a new item on the internet. Google will boldly show you ads for all of those specific products you looked at for days. Applications you download may also use your information and habits as a way to make more money. Whether by tracking what you do, sharing information you provide, or showing you ads, these companies are in business to generate revenue. Remember, nothing is free. The site or app is required to tell you what they intend to do with your information. Be wary.

[5] USE EFFECTIVE ANTI-PHISHING HARDWARE AT HOME AND AT WORK

I know that each time I get in my car, I click on my seatbelt. I am not planning on having a car accident, but just in case, I like to know I'm being as safe as possible. For the office, just ask if they have anything in place to help you out. If they don't, recommend that they do. For your home, invest in hardware, software or both to keep you secure. Also be sure your mobile devices are using your local Wi-Fi. Any protection you have in place on your network only works if you are actively using that network.

There is a reason your bank bombards you with security questions even when they initiate the call. Short of a face-to-face meeting, we must confirm the identity of those we are communicating with. By following the five steps discussed above, you can both confirm who you are corresponding with and maybe find out their intentions. Hardware and software can also help us be more confident in sharing sensitive information.
