How to avoid phishing

Your passwords and login credentials are valuable to you – and cybercriminals. Imagine crooks having access to all of your email, social media accounts or even your online bank.

If something is valuable, you can be certain that it arouses criminal attention. They’re out to get you. Why me, one could ask. That is not quite the right question. They’re targeting a lot of people, not just somebody specific. When you cast your phishing net wide and far, you will eventually catch something.

What is phishing?

Phishing is sending mail where the scammer pretends to be a trustworthy party to lure the recipients into giving out their passwords, credit card details or some other sensitive information. This information is used to gain access to the deceived person’s email, social media accounts, or at worst – money.

How do criminals phish you?

Phishing scams are often initiated by an email that looks like it would be coming from a legitimate source. Don’t be fooled by the graphic design. Duplicating a legitimate email’s design is trivial. Frankly, duplication is easier than designing a credible email from scratch.

The email probably looks legit, yet the links are where it gets dangerous. The links are usually crafted to deceive you to believe they are going to a legitimate site, but they are often going to a site that has a misleading address. When they have lured you into the fraudulent site, they fool you into entering your login credentials. They store the credentials harvested from the fake site and use them to log in on the real site.

If you are running a respectable internet security suite, it can protect you from entering the fraudulent site, if it is a known malicious site. If the site is unknown and has no reputation, you need to be vigilant.

How to avoid getting fooled

Pay attention to the sender and why they are contacting you. Is it someone who you’d think have a good reason to contact you? (For example, a bank would never contact you to “confirm your passwords” or whatever the phishing email claims.) 

Look closely where the links in the email are leading. Most email programs show the link destination when you hover over the link. Is the link really pointing to a legitimate site or is something phishy going on? 

legitimatebusinessaddress.com, leg1timatebusinessaddress.com, 1egitimatebusinessaddress.com look somewhat same, don’t they? The differences can be even subtler. The characters  ⁄ and / look the same, but they are two different characters. (Look closely!)

Note the tone in the message. The scammers often use shock and sense of urgency to lure you into doing something against your better judgement. For example, if your bank would send you a message saying that you’d need to identify yourself to stop a breach on your account, you’d be worried. 

Thinking more carefully, why would your bank do that? They wouldn’t, but the shock of your money being in danger and the urgency to react right away might deceive you into panicking and giving out your banking credentials.

Avoiding online scams

To avoid getting phished, you need to be smart and vigilant. Think before you click. Learn to recognize what’s real and what’s fake. If something seems shocking and unbelievable, it just might be fake.

A good internet security suite such as F-Secure SAFE will block known malicious sites, so it is your first line of defense. Nothing can replace good old-fashioned common sense, though.

Choose F-Secure SAFE internet security suite for worry-free online life. You can try it 30 days for free. 

Try free for 30 days

Get started with SAFE  in just a few minutes – try it free for 30 days, no credit card required.