While you may have heard of phishing by now, you may not have a crystal clear picture of what a phishing cyberattack would quite look like — or what to do if you’ve been targeted.
Hackers typically use phishing attempts to try to gain unwarranted access to sensitive and valuable information — whether a password or direct financial and personal details. Typically, the attacks come in the form of an email disguised as being sent from a reputable site with which you have an account. The email will ask you to update or adjust some kind of preference, leading you to click a link that could lead to the exposure of your private information.
There are steps you can take to protect yourself against phishing attacks — and to alert major companies to breaches so they can further investigate.
Secure Your Login Protocol
The first key is to make your login information as restrictive as possible. Part one of this process would be to use a distinct, unique password for each of your different online accounts. That way, if one of your accounts becomes exposed, the rest can remain securely locked under their own passcodes. If you use the same password across the board, one vulnerability increases risk all around.
You should also take advantage of any extra login verification layers offered by your different sites. This is most typically in the form of two-step verification. If you enable two-step verification, you have a second layer of security before gaining access to your account. After you type in your password, you’ll be taken to a new page that asks you to enter a code sent via SMS to your phone. Anyone without access to your phone won’t be able to get into the account. Touch ID and Face ID on mobile devices are also examples of increased verification protocols.
Be Discerning With Emails
This is probably the most important thing you can do to avoid a phishing attempt. The majority of major sites will not ask you for sensitive information via email. So be wary of any email you receive asking for this.
To be completely sure you’re not following a fake link from an email, don’t ever give information to a site if you didn’t reach it by going into the toolbar and typing in the direct URL. There are also browser extensions or built-in browser tools which can verify URLs.
Install Malware Protection
Often, a fake phishing link will introduce malware onto your computer as a means to gain access to accounts or information. Installing anti-malware protection on your computer is a preventative step to protect yourself in instances where you might accidentally click a bad link or do anything else that could introduce a virus onto your system.
Where To Report Phishing Emails
Because phishing attacks are quite common, many popular websites have dedicated protocols for how to report an attempt.
Netflix offers users a guide for how to report phishing emails that come through email or text. You can forward phishing emails along to [email protected] and include message header information. Netflix then advises deleting the email.
They also offer step-by-step instructions for forwarding an SMS phishing attempt to the same email.
Amazon also has an email dedicated to reporting phishing: [email protected]. The site asks you to attach phishing emails to a new email if possible (if not, you can forward), or just paste potentially suspicious links into a new email body.
Unlike Amazon, Spotify prefers you forward phishing emails rather than send as an attachment. The dedicated email is [email protected]. The company also suggests you delete the original email.
Facebook has a dedicated email for reporting phishing: [email protected]
Gmail also has phishing-reporting protocols built right into their interface. If you think an email you receive is fake, you can go to the message in your inbox, hit the down arrow next to Reply and choose “Report Phishing.”
Phishing attempts are sadly common, and anyone can be targeted. To best protect yourself, stay aware of signs to look out for, take precautionary measures, and consider reporting attacks to appropriate sites.