How to avoid getting scammed online

Whether the internet has had a net positive effect on humanity is up for debate. Still, one aspect of life where there has been a phenomenal negative impact is personal security and privacy. For one, large corporations like Amazon and Google are always trying to find novel ways to squeeze every drop of data out of our online presence in the name of the bottom line.

On the flip side of the privacy and security coin is a group of people that takes that data collection much more seriously. Instead of letting you voluntarily sign away your privacy, these cybercriminals will do their best to steal the information from you and use it to benefit themselves at your expense.


What is phishing and how does it work?

Phishing is a type of attack that uses a combination of technical knowledge and social engineering to commit identity theft or some form of scam with the aim of stealing money from the victim. Hackers usually try to make you hand over sensitive information like credit card information, online banking login credentials, or social media credentials via social engineering.

There are also phishing attacks that target devices by getting victims to download software that contains malware in an effort to scrape that information from your system or take control of it using ransomware.

Usually, phishing attacks happen via email, but there are also vishing and smishing, which take place via voice calls and text messages, respectively.

What are the types of phishing attacks and how do you prevent them?

While phishing attacks can involve sophisticated software, they always require human interaction. To fall victim to a phishing attack, you almost always need to download software, click a link, pick up the phone, or give someone your information. The social engineering behind phishing scams is what makes them so successful, but it also gives us a chance to identify and stop them without much technical know-how.

Let’s look at some of the most common phishing techniques and how you can prevent them.

Spear phishing and email phishing

Email phishing and spear phishing are very similar concepts. In both situations, hackers pretend to be someone else—like a large company or service provider—and send emails to an individual insisting that they take some sort of action—usually logging in to a site or sending information to the hackers—to prevent some negative consequence or take advantage of some reward.


There is almost always a sense of urgency involved in these emails, and you’re likely to see something like, “If you don’t act on this email within two hours, your bank account will be frozen, and it will take 60 days to recover.” The sense of urgency compels victims to fall for the scams—since they’re scared of the consequences, they’re both more likely to act and less likely to spend time researching the information.

Spear phishing differs from regular email phishing in the way the scam is implemented. Regular email phishing is a broad, general email with little context or information about the victim. Spear phishing, on the other hand, targets a specific individual by using information scraped from social media or a data breach to personalize the email.

Spear phishing hackers usually send an email impersonating a trustworthy company that the victim uses or has made contact with before. More often than not, spear phishing emails contain malicious links that lead to convincing fake websites where the user must log in to resolve whatever issue is supposedly happening with their bank account or service. When the recipient logs in, the malicious website saves the victim’s credentials, and the perpetrator can use the login credentials and sensitive data as they please.

Spear phishing attacks can be more convincing—and thus successful—than regular email phishing methods that blast hundreds of emails at a time.

Another slight variation of email and spear phishing is clone phishing, which is when attackers send the victim a copy of an email the user has received before with altered links or attachments. The user already trusts the original sender, so they are less suspicious of this new email.

How to prevent email phishing and spear phishing

Cybercriminals that use these spoofing techniques to imitate legitimate entities will often claim to be Amazon, Microsoft, PayPal, or a credit card company. The email you receive is usually a convincing imitation of a legitimate email you might receive from one of these companies.

However, there are usually clues that the email is fake. The first thing to look for in a suspicious email is poor spelling and grammar, but there are other ways to identify a fraudulent email. It’s also helpful to know that Google’s Gmail does a fairly good job of warning you about fraudulent links if you click one.

The core principle of phishing prevention is to trust nobody. Suppose you get an unexpected or unsolicited email about a refund, banking issue, or similar online service that has your sensitive data. In that case, the best thing to do is ignore any links in the email.

If you are concerned, it’s best to reach out to the company via a familiar communication channel. For example, if you receive an email from your bank letting you know there is an issue with your account, go to your bank’s login page by typing the URL manually or accessing it from the bank site, or give the bank’s offices a call at a number you know. Under no circumstances should you open a link from an email and log in to your bank account from there unless you have verified the authenticity of the webpage first.

Another easy way to spot an email phishing scam is by looking at the email address. Usually, hackers cannot get access to actual bank domains, so they’ll often use something that looks close enough to the bank’s actual domain at first glance. If you look closely at the email address, you’ll notice that words are added where they shouldn’t be or letters are swapped around or substituted with numbers. You can avoid email-based phishing attacks by using automatic spam filters.
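The three tricks described above (added words, swapped letters, digits in place of letters) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the `TRUSTED` list, the digit mapping, and every domain in it are constructed placeholders, and it treats the last two labels as the registered domain instead of consulting a public-suffix list.

```python
from email.utils import parseaddr

# Constructed allow-list for illustration; use the domains you actually deal with.
TRUSTED = {"examplebank.com", "paypal.com"}
# Assumed mapping of digits commonly used in place of letters.
DIGIT_SWAPS = str.maketrans("01345", "oleas")

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_sender(from_header):
    """Classify the domain in a From: header against the TRUSTED list."""
    # parseaddr drops the display name, which the sender can set to anything.
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "no address"
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    base = ".".join(domain.split(".")[-2:])  # simplification: no public-suffix list
    for t in sorted(TRUSTED):
        brand = t.split(".")[0]
        if base.translate(DIGIT_SWAPS) == t:
            return f"lookalike of {t}: digit substituted for a letter"
        if osa_distance(base, t) == 1:
            return f"lookalike of {t}: letter changed or swapped"
        if brand in domain:
            return f"lookalike of {t}: brand name with extra words"
    return "unknown sender domain"
```

A `trusted` result only means the domain string matches; the From header itself can be forged, so still reach the company through a channel you already know.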

Phishing hurts the trust a company has earned with its users, so if you get phishing messages, it’s a good idea to report them to the company being impersonated.

Vishing and smishing are similar to email phishing campaigns, but they take place via calls and text messages. If you get a call or SMS from someone claiming they’re a company you work with and that there’s an issue they need you to solve immediately on the line, it’s best to ignore it and call the customer service line you have used before to validate that there is an issue and proceed from there. You can check the phone number, but be careful since bad actors will likely use a fake caller ID to trick you.

Content injection and malvertising attacks

Content injection, malvertising, and man-in-the-middle attacks are tough to combat since they rely heavily on the hackers compromising a third party—an advertisement host, ISP, or local network—meaning knowing about social engineering can only get you so far. Content injection involves a hacker gaining access to a website you’re visiting and changing the site to add a link that downloads some sort of malware onto your device or takes you to a site that tries to convince you to enter personal information that they will use to commit identity theft.

Malvertising uses vulnerabilities in browser components like Flash Player and Adobe PDF to download malware onto your PC. Often, these types of phishing attacks rely on the user installing malware on their system. Malware includes things like keyloggers that steal input data or ransomware that holds your data hostage in exchange for a fee. These links may appear in emails or ads, but phishers sometimes hide their malware in ordinary-seeming software.

How to prevent content injection and malvertising attacks

There are tools you can use and habits you can learn to make it less likely for scammers to succeed if they plant malicious software in an ad or webpage. First, disable automatic downloads on your computer and phone to eliminate that as a vulnerability. Second, install an ad blocker to prevent compromised ads from appearing in your browser. Last, always check links before you open them. Usually, you can hover over them with your mouse on a desktop to view the link. If the URL doesn’t seem right or redirects you to a different site you don’t know, it might be best to avoid opening the URL.

Another thing you can do to improve your cybersecurity is make sure you have antivirus software installed and enabled—the built-in security on Android, iOS, Windows, and macOS is serviceable. Plus, third-party options are available if you feel the built-in options aren’t sufficient. Ad blockers like uBlock Origin are a great tool to prevent malvertising attacks—if the ad doesn’t load, there is no chance for it to put malware on your system.

If you do things like online banking or work with sensitive private or corporate information, there are a few steps you should take, especially if you’re on a network you don’t trust.

Using a VPN is crucial to protect sensitive information on public networks since it hides your traffic from sniffers on the network. Still, it’s best to avoid using public Wi-Fi networks to do things involving sensitive information.

You can foil some keyloggers by using the on-screen keyboard instead of the hardware keyboard on your computer. Some banking applications and websites give you the option of using an on-screen keyboard built into the website since the default one that is baked into your PC might be easier for some keyloggers to read.

Cooler heads prevail

Staying safe on the internet isn’t difficult if you are aware of what you’re looking at and interacting with. If you follow the tips mentioned in this article and stick to trusted sites, you shouldn’t run into any security issues. Keeping your devices updated is also a great way to stay safe on the web.

If you’re looking to upgrade your phone, look at our picks for the best Android phones around. You could also switch to a privacy-centric browser like Tor, which is one of our picks for the best Android apps.
