Because phishing attacks are very successful, they are not going to cease anytime soon. Just like malware always finds new vulnerability points somewhere inside your computer operating system or software, phishing attackers are remarkably creative, making new kinds of email-sugarcoat to lure you into a con.
Phishing is often used as a starting point for a series of attacks. It usually involves hacked websites, text messages, or emails that contain fraudulent links or file attachments, which, when clicked, lead to the installation of malware downloaders. These downloaders, in turn, will connect to hacker-controlled servers and install different types of malicious code depending on the attacker’s needs. A successful phishing attack may cause devastating results, such as unauthorized purchases, identity theft, ransomware, etc.
Cybercrooks use attractive wording for their malicious links, for example, “great discounts” or “claim your gifts” or “unpaid invoice.” Attackers put a lot of expertise and resources to make their messages and links appear as legit and authentic as possible. Protecting against phishing attacks can be both easy and challenging at the same time. Most people know they should not click suspicious links or attachments in messages sent by someone they do not know, but on practice inattention and carelessness lead to problems. The dangerous email looks trustworthy or appealing enough to the point where you are less likely to develop caution.
Some fraudulent links may not immediately trigger an attack, but they lead you to malicious websites instead. The end purpose is to encourage you to give away personal or other sensitive information.
And then there is also the trait of persistence on the attackers’ part. Even if you have always avoided clicking any suspicious link so far, crooks persist and keep sending you different versions of phishing emails. They have the patience to wait until the time you finally slip up. This may happen if attackers decide to launch a spear-phishing attack. During such attacks, hackers try to collect as much info as possible on their victims. This way, attackers may pretend to be your friend or boss and send you a message you are waiting for. Please keep in mind that it only takes one unfortunate click to get the devastation started.
Fortunately, there are preventive measures to protect your computer from phishing attacks. The good news is that many of those measures are quite easy. There is no need to spend a whole lot of money on the most advanced antivirus software or install additional expensive hardware components onto your system. Follow the below recommendations to improve your chances of staying safe and secure from phishing attacks:
- Never click web links sent by any un-trusted source. Remember that dangerous links can be inserted not only into emails but also text messaging platforms like Skype or Facebook messenger.
- Do not visit suspicious websites. For example, torrent websites or porn websites. If you happen to land on one, never click any link there. The best thing to do in such a situation is to close the browser tab or window immediately.
- Avoid following links from search engine results when you want to log in to your online banking service. If you have to log in to your bank account or another online financial service, type the URL directly or use the bookmark.
- In case you need to open an email attachment from somebody, use extreme care by checking the attachment’s extension. Any file that comes with “.vbs”, “.exe”, or “.bat” extensions must be avoided. Please mind that attackers may also use images, video files, PDF, and MS Office files during their attacks. It is advised to use online scanners like VirusTotal to check all attachments.
- Be vigilant when asked to give sensitive information online. Financial institutions, including banks, almost never ask for account information in emails. When in doubt, make a phone call to get confirmation from the relevant organization.
- Use the spam-filter option in your email clients.
Read the implicit clues
If you receive an email that comes with an offer – one that requests to follow a link – when in fact you are not expecting any email from anybody you know, treat these emails and links with cautions. Read the contents carefully and determine whether the information makes sense or is relevant at all to your situation. If you don’t know the sender, ignore the email altogether.
Curiosity killed the cat
Almost every phishing email tries to exploit a primal trait of human behavior: curiosity. Phishing emails are almost always carefully written to lure you to a trap. Curiosity is not necessarily a negative trait. If you are curious about what is in the attachment, you should behave the same way about the intention of the email sender in the first place.
Standard security practices
At the end of the day, following standard security defense practices always help:
- Enable multifactor authentication for all possible online services.
- Delete social, email and other accounts you barely use.
- Create a robust data backup mechanism.
- If you decide to install applications, be committed to keeping them updated. This applies not only to antivirus software and the operating system but any application you have installed.
- Encrypt and protect your Internet traffic with the help of a VPN. Click here to read the comparison of the best two VPN services.
What to do if you are infected with a virus
In case the goal of phishers was to infect your computer, and this goal was achieved, there is always a factor of panic. Your emotions may overwhelm you when you understand your computer is infected. You suddenly may feel vulnerable and desperate. However, it is not the end of life, and your device can be cured. There are several things you have to do to remove the virus that infected your computer:
- Disconnect your device from the Internet and any internal computer network.
- Scan your device with an antivirus or/and antimalware solution.
- Create a backup (if you do not have any).
- Format all drives.
- Reinstall the operating system.
- Report the phishing attack to the police.