HOW TO AVOID PHISHING ATTACKS?

As part of your efforts to enhance your digital security, you may come across ill-intentioned parties who try to put you at risk. We call these people and actors "adversaries" or "attackers". When an attacker sends you an email or link that appears innocent but turns out to be malicious, it is called phishing.

A phishing attack usually comes in the form of a message intended to convince you to:

- click on a link;

- open an attached file;

- install a program on your device; or

- enter your username and password on a website that is designed to look like the original.

Phishing attacks can trick you into exposing your passwords or installing malware on your device. Attackers can use that malware to take control of your device remotely, steal information, or spy on you.

This guide helps you identify phishing attacks when you see them and provides some practical steps to help you fight these attacks.

Types of phishing attack

Phishing for passwords (also known as Credential Harvesting)

Web addresses attached to messages can lead to destinations other than the one shown in the link text. On a computer, you can usually see the real destination by placing your mouse pointer over the link. But links can be disguised by using look-alike letters, or site names that differ from a well-known site by only one letter, so that you are taken to a web page imitating an online service you are familiar with, such as Gmail or Dropbox. Typically, these fraudulent pages requesting login details are identical to the original pages, so you may not hesitate to enter your username and password. But if you do, you will have sent these details to the attacker.

So before entering any passwords, look at the address bar at the top of your web browser. You will see the real address of the page, and if this address differs from the address of the website you thought you were browsing, stop immediately! Remember that seeing the company logo on the page does not necessarily mean that it is the original page. Anyone can copy a logo or design and paste it on their page to fool you.

Some phishers use addresses that look like popular web addresses to trick you: for example, http://wwwpaypal.com is different from https://www.paypal.com/. Likewise, http://www.paypaI.com (with a capital "I" instead of a lowercase "l") is different from https://www.paypal.com/. Many people use URL-shortening services to make a long web address easier to read or print, but the same technique can be used to mask a malicious destination. If you receive a shortened web address, such as a t.co link, which is common on Twitter, try checking it at https://www.checkshorturl.com/ to see its true destination.

Remember, it is easy to forge an email to show a fake destination. This means that looking at the sender's visible address is not sufficient to confirm that the email was actually sent by the person whose name appears.

Spear phishing

Most phishing attacks cast a wide net: the attacker may send e-mails to hundreds of thousands of people claiming that the mail contains an interesting video, an important file, or details of a financial problem.

But sometimes a phishing attack is designed around specific information the phisher knows about the victim; this is called spear phishing. Imagine receiving an email from your Uncle Basim saying it contains pictures of his children. Since Basim does have children, and the email appears to come from his address, you open it and find an attached PDF file. When you open the attachment, you may indeed see pictures of children, but at the same time it quietly installs malware on your device that helps someone spy on you. It was not Uncle Basim who sent the e-mail, but an attacker who knows that you have an uncle named Basim (and that Basim has children). The file you opened launched your PDF reader but took advantage of a flaw in that program to run its own code: it showed you a PDF and at the same time installed malware on your computer. This software can copy the contact details of people you know and record what your device's microphone hears and its camera sees.

The best way to protect yourself from phishing attacks is by not clicking on any links or opening any attachments. But since this advice is not practical for most people, here are some practical steps for countering phishing attacks. 

How can you help protect yourself from phishing attacks

Make sure your software is always up-to-date

Phishing attacks that use malware often rely on vulnerabilities in other programs to get the malware onto your device. Usually, when a flaw is discovered, the software maker releases an update that fixes it. This means outdated software carries many widely known flaws that can be used to install malware, so making sure your software, including your antivirus, is always up to date reduces the risk of malware.

Use a passphrase manager with auto-fill

Passphrase managers that automatically fill in passphrases keep a record of sites and their passphrases. While it is easy to fool a person with a fake page requesting login details, a passphrase manager cannot be fooled in the same way. If you are using a passphrase manager (including the passphrase-saving feature built into your browser) and it refuses to automatically fill in the login details, you should stop for a moment and confirm the website you are browsing. It is better still to use a manager that generates passphrases for you, so that you are forced to rely on the auto-fill feature, reducing the chance that you enter your passphrase on a fake site.
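As an added example (not part of this guide, and not code from any named service or passphrase manager), the following Python script performs the two checks described in the credential-harvesting section above and in this one: it flags links whose hostname imitates a site on an allow-list (the wwwpaypal.com and paypaI.com examples, plus a non-ASCII homograph), and it models why a passphrase manager refuses to auto-fill on anything but an exact origin match. The allow-list, the vault contents and the confusable table are constructed for the example.

```python
import unicodedata
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list: the sites this user actually logs in to (assumption for the example).
TRUSTED_HOSTS = {"www.paypal.com", "accounts.google.com", "www.dropbox.com"}

# Constructed passphrase-manager vault, keyed by exact origin (scheme + host).
VAULT = {"https://www.paypal.com": ("alice", "correct-horse-battery-staple")}

# A few ASCII look-alike substitutions seen in fake hostnames (illustrative, not exhaustive).
CONFUSABLES = {"rn": "m", "vv": "w", "I": "l", "1": "l", "0": "o"}


def raw_host(url: str) -> str:
    """Hostname exactly as written in the link, before the browser lower-cases it."""
    netloc = urlsplit(url).netloc
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def fold_lookalikes(host: str) -> str:
    """Map visual twins onto the letters they imitate, so 'paypaI' folds to 'paypal'."""
    host = unicodedata.normalize("NFKC", host)
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host.lower()


def registrable(host: str) -> str:
    """Last two labels, e.g. 'paypal.com' (simplification; real code consults the public suffix list)."""
    return ".".join(host.split(".")[-2:])


def check_link(url: str) -> dict:
    """Classify a link as trusted, lookalike or unknown relative to TRUSTED_HOSTS."""
    host = raw_host(url)
    scheme = urlsplit(url).scheme.lower()
    reasons = []
    if any(ord(c) > 127 for c in host):
        reasons.append("non-ASCII characters in hostname (possible IDN homograph)")
    if host.lower() in TRUSTED_HOSTS:
        if scheme != "https":
            reasons.append("trusted host but not https")
        return {"host": host, "verdict": "trusted", "reasons": reasons}
    verdict = "unknown"
    folded = fold_lookalikes(host)
    for trusted in sorted(TRUSTED_HOSTS):
        brand = registrable(trusted).split(".")[0]
        ratio = SequenceMatcher(None, registrable(folded), registrable(trusted)).ratio()
        if folded == trusted:
            reasons.append(f"look-alike spelling of {trusted}")
            verdict = "lookalike"
        elif brand in folded or ratio >= 0.8:
            # brand name used somewhere in the host (wwwpaypal, paypal.com.evil...) or a near-typo
            reasons.append(f"resembles {trusted} (similarity {ratio:.2f})")
            verdict = "lookalike"
    return {"host": host, "verdict": verdict, "reasons": reasons}


def manager_should_fill(url: str, vault: dict = VAULT) -> bool:
    """A passphrase manager fills only on an exact origin match, never on a look-alike."""
    origin = f"{urlsplit(url).scheme.lower()}://{raw_host(url).lower()}"
    return origin in vault


if __name__ == "__main__":
    for link in ["https://www.paypal.com/", "http://wwwpaypal.com/",
                 "http://www.paypaI.com/", "https://www.paypal.com.evil.example/"]:
        print(link, check_link(link)["verdict"], "fill:", manager_should_fill(link))
```

Anything that is not exactly on the allow-list ends up as lookalike or unknown, which is the point: the decision to type a passphrase should depend on the address bar matching a known origin, not on how familiar the page looks. The manager check is deliberately strict; it does not apply the confusable folding, because a manager that "helpfully" matched near-miss domains would defeat its own protection.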

Verify emails with their senders

One way to confirm whether an email is phishing is to check it with the sender through other communication channels. If this email claims to be sent by your bank, do not click on the links in the mail. Instead, contact your bank, or open your browser and type the website address of your bank. Likewise, if your uncle sends you an email with attachments, contact him by phone and make sure that he actually sent you the pictures of his children before opening the attachments.

Open suspicious files on Google Drive

Some people expect to receive emails and attachments from people they don't necessarily know. For example, journalists usually receive multiple files from their sources. However, it can be difficult to ensure that the Word, Excel or PDF file does not contain malware.

In these cases, do not double-click the downloaded file. Instead, upload it to Google Drive or another online document reader. This converts the file into an image or HTML file, which will almost certainly prevent it from installing malware on your device. If you are willing to learn new programs and spend the time needed to set up a new environment for reading received mail and files, there are operating systems designed to reduce the impact of malware. Tails is a Linux-based system that erases itself after you use it. Qubes, another Linux-based system, carefully separates applications so they cannot interfere with each other, sharply limiting the impact of any malware. Both systems are designed to work on desktop and laptop computers.

You can also submit suspicious links and files to VirusTotal, an online service that scans files and links with multiple antivirus engines and then reports the results. It is not a foolproof method, as antivirus engines often cannot detect new malware or targeted attacks, but it is better than no check at all.

Any file or link that you upload to a public site such as VirusTotal or Google Drive can be viewed by any of that company’s employees, or even by anyone who has the right to access the website. If the information in the file is sensitive or very private, you may want to use another method of verification.

Use the Universal Second Factor (U2F) key when logging in

Some websites allow you to use a special standalone device to protect against phishing attacks. These devices (or "keys") communicate with your web browser to confirm login details for the website. This is called a universal second factor (U2F) because it is a standard way of requesting a second form of authentication, alongside your passphrase, when logging in. You log in as usual, and then, when asked, you connect the key to your computer or smartphone and press a button to complete the login. If you are on a phishing site, the browser will know not to log you in with the login details established on the original site. This means that even if a phisher tricked you and stole your passphrase, they would not be able to break into your account.

But this should not be confused with two-factor authentication in general, which may not provide protection from phishing.
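The origin binding described above, as an added Python example that is not from this guide or from any U2F implementation. The hardware key and the web site are simplified: the key's per-site secret is shared with the site at enrollment, and HMAC stands in for the public-key signature a real key produces (both are assumptions made for the example). The property that matters is kept: the browser, not the web page, supplies the origin, and the signature covers it, so a challenge relayed through a look-alike page yields a signature the real site rejects. A short contrast at the end shows why a typed one-time code does not give the same protection.

```python
import hashlib
import hmac
import secrets

# Simplifications (assumptions for this example, not how real U2F keys work internally):
# the key's per-site secret is handed to the site at enrollment and HMAC replaces the
# public-key signature. The origin-binding logic is the part worth studying.


class SecurityKey:
    """Hardware key: holds one secret per registered site and signs challenge + origin."""

    def __init__(self):
        self._secrets = {}

    def register(self):
        handle = secrets.token_hex(8)
        self._secrets[handle] = secrets.token_bytes(32)
        return handle, self._secrets[handle]  # a real key would return a public key here

    def sign(self, handle, challenge, origin):
        # The origin is included in what gets signed; the key never sees the web page.
        client_data = hashlib.sha256(challenge + origin.encode()).digest()
        return hmac.new(self._secrets[handle], client_data, hashlib.sha256).digest()


class RelyingParty:
    """The legitimate web site. It only ever verifies against its own origin."""

    def __init__(self, origin):
        self.origin = origin
        self.users = {}
        self.pending = set()

    def enroll(self, user, key):
        self.users[user] = key.register()

    def begin_login(self, user):
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return self.users[user][0], challenge

    def finish_login(self, user, challenge, signature):
        if challenge not in self.pending:
            return False  # unknown or replayed challenge
        self.pending.discard(challenge)
        _, verify_secret = self.users[user]
        expected = hmac.new(verify_secret,
                            hashlib.sha256(challenge + self.origin.encode()).digest(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def browser_login(rp, key, user, page_origin):
    """The browser stamps the origin of the page it is actually on into the signature."""
    handle, challenge = rp.begin_login(user)
    signature = key.sign(handle, challenge, page_origin)
    return rp.finish_login(user, challenge, signature)


def demo():
    """Returns (genuine login succeeded, relayed phishing login succeeded)."""
    key = SecurityKey()
    site = RelyingParty("https://www.paypal.com")
    site.enroll("alice", key)
    genuine = browser_login(site, key, "alice", "https://www.paypal.com")
    # Relay: the phisher forwards the real challenge to the victim, whose browser is on the
    # look-alike page, then submits the resulting signature to the real site. Origin mismatch.
    relayed = browser_login(site, key, "alice", "https://www.paypaI.com")
    return genuine, relayed


def otp_relay_demo():
    """Contrast: a typed one-time code carries no origin, so the same relay succeeds."""
    shared = secrets.token_bytes(20)

    def code(step):  # simplified time-based code, not full RFC 6238
        return hmac.new(shared, step.to_bytes(8, "big"), hashlib.sha1).hexdigest()[:6]

    step = 1234
    typed_on_fake_page = code(step)          # victim types the code into the fake site
    return code(step) == typed_on_fake_page  # real site accepts what the phisher relays


if __name__ == "__main__":
    print("U2F genuine/relayed:", demo())
    print("one-time code relayed:", otp_relay_demo())
```

The site never learns which page the user was looking at; it simply verifies against its own origin, and the browser refuses to let a page supply a different one. That is the whole mechanism, and it is why the guide distinguishes U2F from second factors that the user types in by hand.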

Be careful with email instructions

Some phishing messages claim to be from a technical support department or a tech company and ask you to respond by sending your password, allowing the "technician responsible for repairing your device" to access your device remotely, or disabling some security feature on your device. The e-mail may give a false justification for the reason and importance of this request, for example by claiming that your email inbox has become full or that your device is vulnerable to hacking. Unfortunately, obeying these false instructions can be very bad for your security. Be especially careful before giving anyone any technical data or obeying any technical instructions unless you are absolutely certain that the source is real and authentic.

If you have any doubt about any link or email that was sent to you, do not open this mail or click on the link before you take the precautions previously mentioned and before you are completely sure that it is not malicious software.
