Phishing attacks offer great profitability for cybercriminals. And it is that although it may seem incredible, we still continue to fall into the trap of these scams that use digital identity theft to steal information, money, install malware or take control of the attacked systems.
Phishing competes with ransomware as the biggest threat in consumer computer cybersecurity and spreads across all types of platforms, desktop or mobile, or target segment, consumer or business, through increasingly sophisticated malware campaigns and highly effective, since it only requires that a part of the users fall for their “bait” and “bite” to obtain profitability.
And it is not only used in consumption. Business phishing (especially in mobility) increased by almost 40% in 2020 with regulated industries as the most targeted and healthcare, professional services and financial services topping a list that also includes manufacturing and government sectors.
8 tips against phishing attacks
Although phishing attackers are continually innovating to create new ways to trick victims, the good news is that exposure to these types of attacks can be limited by simply using common sense. CyberArk experts have offered a few simple steps to deal with this threat and these are the basic tips that we remind you from time to time because phishing attacks are reproduced week after week, which indicates high profitability.
1. Choose your digital friends well
Just like in real life, this tip is very practical in the digital world. If you receive a LinkedIn message or Instagram friend request from someone you don’t know, don’t reply, accept it, or click any links in the message.
2. Do not click on hyperlinks and links from an unverified source
And remember that even emails sent from known sources can cause problems: Malware, ransomware, and viruses can spread by scanning your device for other email addresses and then forwarding themselves to those addresses in supposedly “sent” messages. ” by you.
3. Urgent? Not so much
Many phishing emails and messages attempt to create a sense of urgency, causing the recipient to fear that their account or information may be compromised. So if you receive a suspicious email that appears to be from someone you know, it’s a good idea to contact that person directly. And if the email is from an organization but appears to be fraudulent, contact them through customer service to verify.
4. Say NO to personality quizzes and think twice about posting so much on social media
We already know that questionnaires are a fun way to kill time, but also the best way for attackers to obtain your personal data. Just like with your social media posts, think twice before posting too much. Cybercriminals can use all this personal information to take advantage of you and, even if you are not aware of it, you may be revealing data about your passwords.
5. Turn location off whenever possible
Attackers can use your location information to create phishing messages. Therefore, it is advisable that you disable location services when you are not using them so that it is more difficult for cybercriminals to see that information.
6. Protect your computer and mobile phone
US-CERT recommends installing antivirus software and firewalls on personal devices and making sure they are configured for automatic updates. It is also essential to separate the professional and personal use that you give to the devices, especially if you are teleworking. Remember not to use your business phone to surf the Internet, shop online, browse social networks or check your personal email.
7. Take back control of the spam folder
Although not all messages in the spam folder are phishing emails, many of them are. Spend time cleaning out your spam folder (or setting up filters to keep junk out of your inbox), and check out this list from CISA on how to reduce spam.
8. Protect your digital accounts with multi- factor authentication (MFA)
Passwords should be as long and complex as possible, and should never be used in more than one place. Many digital accounts, such as email, online banking, or social media, offer the ability to enable MFA to add an extra layer of protection to the login process.
