4 Rules to help prevent, identify and limit the damage of phishing attacks

Phishing attacks are a popular way to extract information from users, but they are a tool, not an end in themselves. Here we will see how to prevent phishing attacks and then how to organize your digital world to limit the damage when one succeeds. Employers should place an emphasis on informing and educating their employees in order to prevent attacks that might be dangerous to the whole company.

What is a Phishing website?

Simply put, a phishing website is a website that pretends to be a familiar website that you know, but in fact it’s not! It’s a copy, sometimes a very good copy, that is there to extract your username, password or other information that you would usually enter on the real website. Its URL is different from the real one: for facebook it could be faceb00k, 7acebook or doc.facebook-pay, or another name that may be hard to spot at first glance.

How to prevent Phishing attacks?

First and foremost, phishing sites are not usually indexed by Google, so most of the time they will be sent to you in an email or a social media link. So the first rule would be:

Rule Number 1: Don’t open suspicious links from Emails or on Social media

A good way to keep safe is to type the keywords into Google and open the link from the Google search results. If someone sends you a website, for example “thisisasite(.)com”, rather than clicking the hyperlink, type “This is the site” into a search engine and click the result from there.

Rule Number 2: Always check the URL!

Checking the URL should be a habit for all internet users. Like wiping your shoes before entering a house, you should check the URL before entering any information on a website. It helps in two ways: first, you identify the “bad URLs”; second, you learn what the real URLs are, so the day a .com becomes a .cc or .biz you will notice it and avoid the cyber-attack.
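As an added illustration of Rule Number 2 (not part of the original post), the Python example below automates the same check against the lookalike names mentioned above. The allow-list, the function names, the ".example" ending added to doc.facebook-pay and the "last two labels" rule for finding the domain name are all assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the real sites this user actually logs in to.
KNOWN_GOOD = ("facebook.com", "thisisasite.com")

# Common digit-for-letter swaps seen in lookalike names (not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "f"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, known-good domain it resembles or None)."""
    # Only the hostname matters; paths and page content are easy to copy.
    parts = urlsplit(url if "//" in url else "//" + url)
    labels = (parts.hostname or "").lower().rstrip(".").split(".")
    # Assumption: the registrable domain is the last two labels.
    registrable = ".".join(labels[-2:])
    if registrable in KNOWN_GOOD:
        return ("known", registrable)
    name = labels[-2] if len(labels) >= 2 else labels[0]
    for good in KNOWN_GOOD:
        brand = good.split(".")[0]
        if name == brand:                      # thisisasite.biz
            return ("lookalike: different TLD", good)
        if name.translate(SWAPS) == brand:     # faceb00k, 7acebook
            return ("lookalike: swapped characters", good)
        if edit_distance(name, brand) <= 2:    # one or two typos away
            return ("lookalike: near-miss spelling", good)
        if any(brand in label for label in labels):  # doc.facebook-pay
            return ("lookalike: brand inside another domain", good)
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://www.facebook.com/login", "http://faceb00k.com",
              "7acebook.com", "https://doc.facebook-pay.example/",
              "thisisasite.biz", "https://example.org"):
        print(u, "->", check_url(u))
```

A real deployment would replace the "last two labels" shortcut with the Public Suffix List, since endings such as .co.uk span more than one label.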

Rule Number 3: Be careful of ads

Even Google, the most renowned search engine, has flaws, and some small phishing websites have made their way onto the “first page” of Google by buying ads. For example, thisisasite.biz (a copy of thisisasite(.)com) can find a comfortable spot at the top of the search results in the “ads” section and so trick hundreds of users into entering their sensitive data. Not all ads are bad; most are normal ads and are not harmful to users. But it’s always the ones you don’t see that harm you the most…

Rule Number 4: Don’t keep all of your eggs in 1 basket

Let’s imagine you have been compromised and your email / password has been found out. Is your bank account connected to that email? What about your 2FA? Is it also attached to that email? What about your other social media accounts: how many are attached to that email? Probably a lot if it’s your primary email… Maybe today is the day to start spreading your information across other accounts to mitigate the risk, so that you are not totally compromised if your email / account gets hacked. In fact, we can go even further than this in our daily lives: what about having 2 bank accounts instead of 1, or different 2FA methods instead of just 1? Being unpredictable and having your information / apps scattered around makes you a harder target for hackers. It does mean that you need to be careful and know where all your information is, but it’s a good way forward towards better cyber hygiene.
