What are your top 3 tips to help others avoid phishing scams?
Where there’s a breach, there’s a phish: If you hear of a data breach at a company of which you are a customer, either now or even in the distant past, beware, your details may have been leaked and phishing will ensue. Change your email password(s) immediately, use two-factor authentication where available and check whether your details have been leaked on http://www.haveibeenpwned.com/ (this is not a comprehensive dataset of emails but it does contain major data breaches and the excellent Troy Hunt updates it as and when he can).
Phishing is not just for email: increasingly, whilst phishing has been traditionally associated with malicious emails, this attack is now performed through social media networks. See my own experience on LinkedIn here (http://neirajones.blogspot.co.uk/2013/11/a-nice-man-wants-to-give-me-some-money.html) but of course criminals will capitalise on our tendency to share information, whether on Twitter, Facebook or others. Don’t be fooled, don’t give away your trust to just anyone and check here
If in doubt, start from the right: DON’T just click on links you receive, just don’t. If it doesn’t look right, it probably isn’t, but criminals are becoming increasingly sophisticated and phishing can look very genuine… Hover on the links to see where they point to; what is displayed on screen is rarely the target location. So, as I said, start from the right hand most full stop such as in “genuinedomain.com”: if “genuinedomain” is the correct spelling of a company you normally associate with, then OK, but if it looks like “genuinedomain.com.maliciousdomain.com” you’re in trouble! Don’t forget, look at the right hand most full stop… (of course, what comes after the right hand most full stop may point to a document in a specific directory in a genuine domain, but who’s to say that the owner of the domain hasn’t been hacked… Right, stop this paranoia right now!)
Neira Jones FBCS | @neirajones | uk.linkedin.com/in/neirajones/
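The right-to-left reading of a link described in the third tip, written as a check (an added example, not part of the original answer). The function names are hypothetical and the small suffix set is a constructed stand-in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption);
# production code should load the complete list instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def registrable_domain(url):
    """Return the domain that actually owns the host, reading labels from the right."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a network location
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known multi-label suffix (e.g. co.uk).
    two = ".".join(labels[-2:])
    take = 3 if two in MULTI_LABEL_SUFFIXES and len(labels) >= 3 else 2
    return ".".join(labels[-take:])


def check_link(displayed_text, href, expected_domain):
    """Compare where a link really points with what the reader sees and expects."""
    actual = registrable_domain(href)
    findings = []
    if actual != expected_domain.lower():
        findings.append(f"target domain is {actual}, not {expected_domain}")
    # If the visible text itself looks like a URL, it should name the same domain.
    shown = displayed_text.strip()
    if "." in shown and " " not in shown:
        shown_domain = registrable_domain(shown)
        if shown_domain != actual:
            findings.append(
                f"displayed text shows {shown_domain} but link goes to {actual}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample links using the two domains named in the answer above.
    samples = [
        ("genuinedomain.com", "http://genuinedomain.com/account"),
        ("genuinedomain.com", "http://genuinedomain.com.maliciousdomain.com/login"),
    ]
    for text, href in samples:
        print(href, "->", check_link(text, href, "genuinedomain.com") or "OK")
```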
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.