Security is a big concern in today’s culture. With everything being digital (and therefore hackable), it’s important to make sure you’re protecting yourself as much as possible from threats. Plus, it’s our responsibility as email marketers to exercise safe practices for subscribers too. As email is one of the most popular mediums, phishing is a common security threat that consumers face today. Here are 10 tips from industry experts on how to prevent phishing and keep your info secure.
What is Phishing?
Phishing is the fraudulent sending of emails under the guise of a reputable company with the goal of getting people to share personal information, such as passwords and credit card data.
With roughly 3.8 billion email users worldwide, it’s no surprise that phishers see email as an easy target. For them, it’s just a numbers game. The more people they try to scam, the higher the likelihood of their efforts being rewarded.
Email users are far from insulated from phishing attacks. An email address is one of the easiest pieces of data for someone to get their hands on (we’ve all heard of the underground practice of purchasing subscriber lists). With how simple it is for scammers to find and exploit email addresses, precautions must be taken.
How is Phishing So Rampant?
Crane Hassold is the Senior Director of Threat Research at Agari, and formerly a digital behavior analyst for the FBI. He’s been around the cybersecurity block. According to Hassold, “The thing I find fascinating about phishing is it’s really exploiting a very primal part of human behavior. It’s all about curiosity, trust, and fear. Those qualities are hardwired into humans, so a lot of protection against phishing has to do with conditioning yourself to look out for things that could be a red flag.”
Phishing is such a lucrative livelihood for scammers because it works by playing to people’s basic instincts. It’s these primal tendencies—which are all rooted in self-care and survival—that scammers exploit.
How to Prevent Phishing
1. Investigate every link’s final destination
We’re all email marketers here. Links, UTMs and redirects are sprinkled throughout every email we send. Same with emails that we receive. Just because a link is typed out and looks like a normal hyperlink doesn’t mean the destination is authentic.
To find out if a link is real, hover over it with your mouse and look at the link’s destination in the lower left corner of your browser. This is the real destination, regardless of what the text says.
Alternatively, you can type the URL manually into the address bar of a new browser tab.
2. Be cautious with shortened links
Scammers are like chameleons. They know how to mask their tactics by resembling actions that consumers are already familiar with… like shortening links.
Everyone’s clicked on a Bitly or Linktree link at some point—most likely on social media. Link shortening tools are popular for brands and users since they save character count and look cleaner than a long, messy slug.
Phishers are hip to this trend and employ it themselves. Watch out for shortened links anytime you’re tempted to click, as they might lead to a fake landing page.
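Tips 1 and 2 can also be checked mechanically on an HTML email body. The Python below is an added example, not code from the original article: it compares the domain shown in each link's text with the domain in its href and flags links that pass through a shortener. The shortener list, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, non-exhaustive list

def host_of(value):
    """Hostname of a URL or bare domain, lowercased, without 'www.'; else None."""
    value = value.strip().rstrip(".")
    if " " in value or "." not in value:
        return None  # ordinary link text such as "Click here"
    url = value if "://" in value else "http://" + value
    return (urlsplit(url).hostname or "").lower().removeprefix("www.") or None

class LinkCollector(HTMLParser):  # collects (visible_text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (visible_text, href, findings) for each link worth a second look."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        shown, actual, findings = host_of(text), host_of(href), []
        if shown and actual and shown != actual:
            findings.append(f"text shows {shown} but link goes to {actual}")
        if actual in SHORTENERS:
            findings.append("shortened link hides the final destination")
        if findings:
            report.append((text, href, findings))
    return report

# Constructed sample email body; the example.* domains are reserved names.
SAMPLE = ('<p><a href="https://login.example.net/reset">www.example.com/account</a> '
          '<a href="https://bit.ly/EXAMPLE">View offer</a> '
          '<a href="https://www.example.org/help">example.org/help</a></p>')
for text, href, findings in audit_links(SAMPLE):
    print(f"{text!r} -> {href}: {'; '.join(findings)}")
```

The third sample link is not reported because its text and its href point to the same domain.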
3. Take “urgent” deadlines with a grain of salt
No legitimate company will ever ask for your personal data via email. If you see a message that’s trying to get you to take “urgent” action (aka, sending your personal info), call the company directly and ask. When it comes to your data, you’d rather be safe than sorry.
Always make account updates yourself or call the company using the number you find on their website (not the number the email provides—that could be fake too).
Scammers will impose bogus deadlines and will sometimes even use threatening tones in their messages. When you know it’s a phisher, mark that b.s. as spam and send it to the trash where it belongs.
4. Look for the “s” in https://website.com
Some websites start with http:// and others with https://. The “s” in the latter stands for secure, meaning the connection between your browser and the site is encrypted, and your browser will show a little lock icon next to the address. Those websites are safest for browsing and purchasing. Stick to secure websites whenever possible.
5. Change your passwords frequently
We know, we know. This can be a pain in the butt. “Don’t use the same password more than once,” they say. “Change them often,” they harp. Unless you work in IT or Security, you most likely use the same password, like your street name and kid’s birthday. The truth is, having a unique password for each account has never been easier.
There are reputable platforms available you can use to create strong passwords and store them for safekeeping, such as LastPass. Platforms like this one are seamless and reliable for keeping data secure.
6. Don’t allow remote access to your computer
Yep, it happens. Someone reaches out pretending to be from a well-known security firm and wants to help you install software protection on your computer.
- Don’t install anything from an unverified source.
- Especially don’t give that unverified source direct access to your computer. That’s a hard no-no.
7. Set up two-factor authentication
Many organizations offer two-factor authentication for an extra layer of security. Take advantage of this whenever possible so no one else can log in without your device.
8. Trust your gut instincts
If an email looks or feels off to you (even if you have very little reason to think so), trust your instincts. You’ve likely seen a garbage phishing email at some point, littered with typos, grammatical errors, and unprofessional imagery, with none of the clean, crisp experience you’d normally expect.
When an email or other interaction feels off to you, save yourself a potential headache and trust your gut.
9. Finally, use good judgement
This goes without saying, but it’s perfectly true. The best thing you can do to protect yourself against phishing attacks is plain and simple common sense.
Avoid the unknown. Don’t:
- Click unknown links
- Download unknown files or files from unknown sources
- Open attachments (even on social media) from untrusted sources
10. Report phishing attempts
In email, this is as easy as forwarding the poorly executed attempt to get your personal information to the proper authorities.
If You Think You’ve Been Scammed
Change your passwords immediately—email accounts, financial institutions, your computer login, Facebook, everything. The sooner you can lock them out and slow their progress, the better.
If you think your banking information is at stake, call your bank and let them know ASAP. They’ll be on high alert for odd account activity.
Use trusted security software to scan and scrub malware from your computer.
Full credit goes to https://www.emailonacid.com/blog/article/industry-news/how-to-prevent-phishing/