Australia is ranked ninth globally for phishing sites, an increasingly widespread and significant risk to individuals and organisations. Phishing scams involve extorting money and information from users and organisations by tricking them into disclosing personal and financial data. Phishing scams can occur across multiple platforms, from email to SMS, and even phone calls and letters. Recently, Australia was hit with a phishing scam that targeted mobile banking customers with a persistent and sophisticated SMS. Targeting ANZ users, the text sent out an ‘account notification’ or a “verify your identity” alert which contained a link to a banking site that was almost identical, capturing user’s financial information. Once that data is in the hands of e-criminals, the potential damage is boundless.In order to stay safe and protected from dangerous phishing scams, follow these tips:
- Be sensible
Always be sensible and vigilant while browsing online and checking your emails, especially if an email is asking for confidential information. Legitimate organisations usually don’t ask for this type of sensitive information through emails, so flag those as soon as they are seen.
Be extra cautious when clicking on a link. If you are unsure about a particular link, open a new window and type the URL into the address bar.
- Watch out for shortened links
Shortened links are a common form of tricking you into clicking an illegitimate link. These are used to direct you to a fake site which can steal your personal details or carry out a drive-by-download attack, infesting your device with malicious malware. Place your mouse over a web link in an email to check if you are actually being sent to the website that appears in the email text before clicking.
- Suspicious email? Read it again
Phishing emails will generally be quite obvious as they are riddled with typos, wrongly placed capital letters and unnecessary exclamation marks. They may also address you in an impersonal way, such as ‘Dear Customer’ or ‘Dear Sir/ Madam’. Sometimes, mistakes are intentional as cybercriminals are trying to get past spam filters, improve responses and weed out the ‘smart’ recipients who won’t fall for the scam.
- Be wary of threats and urgent deadlines
In some cases, legitimate organisations will ask you to respond urgently. However, this can be a phishing email scam attempting to prompt you into making a hasty response. For example, the Heartbleed vulnerability gave cybercriminals the opportunity to create phishing scams by sending fake ‘password reset’ emails. Social media sites such as Facebook have also been targeted, to trick users into changing their password by clicking a link, which prompts an attack on the device.
Ignore these scare tactics and contact the company that the email claims it is originating from separately via a known and trusted channel.
- Browse securely with HTTPs
When browsing and submitting sensitive information such as credit card details, you should always use a secure website – this will be indicated by https:// and a security “lock” icon in the browser’s address bar.
As a golden rule when banking, shopping or entering information, never use public, unsecured Wi-Fias these networks can leave you vulnerable to an attack. If desperate, use your mobile internet connection instead.
With phishing scams becoming more complex and commonplace every day, popping up where you’d least expect it, such as a supposed Netflix email, it’s critical for Australians and businesses to stay ahead of the curve. Rather than learning how to avoid one particular email or attack, get your fundamental do’s and don’t’s right, so that any kind of phishing attack is prevented before it’s started. In case you don't spot them all, you'll also want to have internet security software installed, such as ESET Internet Security, to ensure that you have protection against phishing attempts while you're exploring online.
https://www.eset.com/au/home/products/internet-security/