2016 has seen a tremendous rise in phishing attacks that affected millions of people across the globe. The new survey report from the Anti-Phishing Working Group (APWG) reveals that phishing attacks have broken all records.
2016 experienced an over 250 percent rise in phishing attacks
According to the report, APWG observed 466,065 phishing websites in Q2 2016 alone, which is over 250 percent more than the previous year, 2015, which reported 289,371 phishing websites.
Researchers at APWG said that they always see a surge in phishing attacks during the holiday seasons, but the number of phishing sites disturbingly kept growing, and it is a serious concern for all.
What are Phishing Attacks?
Phishing is an online tactic used by cybercriminals to steal sensitive information from their victims. They carry out phishing attacks via deceptive emails and messages that impersonate brands and organizations to fool victims into entering their sensitive information and login credentials. Needless to say, phishing attacks are something we should be aware of because they aren't going away soon.
How To Protect Yourself Against Phishing Attacks?
Luckily, there are simple best practices that can help you stay safe against such phishing attacks. They are described here.
1. Be Smart when you suspect a phishing email
You can reduce your exposure to the risk by being sensible and smart while using the web, especially when checking email and browsing. You wouldn't want your email account exposed and leaked like Hillary Clinton's email address. To mitigate the risks, you should never click on a suspicious link, or download or open suspicious email attachments or social media websites, even if they appear to be from a trusted organization.
To make sure the link is secure:
- Hover the mouse over the link and look at its naked URL to see whether it leads to the original domain.
- Nowadays, cybercriminals hijack the expired subdomains of a website (e.g. hxxp://ABC.xyz.com) and then redirect users to a phishing page, so always check whether the subdomain seems authentic or suspicious.
- Open a new tab and enter the parent domain manually (e.g. hxxp://ABC.xyz.com) and not the complete link received (e.g. hxxp://abc.xyz.com/az0et1e).
- Be wary of resetting your login credentials (phishing emails usually require you to reset login credentials, or threaten you with a fine). Legitimate organizations such as banks will NEVER ask you to provide private information unless you contact them yourself.
2. Avoid opening shortened URLs
Some phishing messages contain shortened URLs to mask their original link, especially on social media websites. Cyber criminals use URL shortening services like Bitly and others to make you curious about opening the link, which deliberately leads you to the fake site. To avoid falling for this trick, always keep a skeptical mind.
- Check the written description of the link or the naked link, then hover over it and see whether it leads to the specified link. If not, then you should avoid opening the link.
- If you are concerned that it might be 'most important' for you, then open the link in 'incognito' mode. Incognito mode discards the cookies and site files the website saves once you close the window, so you can have a peek at what is inside that URL. It does not block malicious content, so do not enter any information there.
3. Go through suspicious looking emails twice
Most phishing emails people receive are full of typos and show a sense of urgency with exclamation marks and capital letters. They may also start with improper salutations like 'Dear Customer' or 'Dear Sir/Madam' followed by surprising content. Cyber criminals usually use such tactics to pass spam filters, grab people's attention, and most importantly filter out the 'smart' people.
4. Ignore emails with urgent deadlines and threats
As discussed above, legitimate organizations never ask you to provide sensitive information unless you specifically ask them yourself, or when a data breach occurs, which usually appears in the news. However, cyber criminals use the tactic of 'threatening.' Phishing emails often threaten you with account cancellation, notices of fines, and many other things.
- How to counter them? Simply 'ignore' such warnings, and if a warning appears to come from a company whose services you use, contact the company directly to confirm it.
5. Always do secure web surfing
Always surf securely whenever you connect to the internet. Make a checklist of some features, for example:
- Check the website's security level, indicated by an HTTPS certificate (a green lock icon next to the site address), which means that the connection to the site is secured. It is recommended to use the 'HTTPS Everywhere' browser add-on by the Electronic Frontier Foundation (EFF).
- Use a good VPN service to encrypt all your internet traffic and protect your online identity from cyber criminals and other monitoring agencies.
If you are concerned that your computer or device has been compromised and redirects you to spam websites or shows spam pop-ups, then follow the guide from Google on how to remove pop-ups, redirects, and other malware.