Phishing is the fraudulent act of someone trying to obtain your personal information by pretending to be a trusted entity. Personal information could be credit card details, passwords, or 2FA codes. These acts usually take place through email, SMS, or social media, and are often well disguised (incorrect formats, etc.). Let’s take a look at a few examples of phishing.
The most common line of communication for phishing is email. Bad actors have done well to disguise themselves and pose as a company through the use of formats, letterheads, and company imagery. Through the email, they try to get you to a fake website (that might look exactly like the real deal) so that you enter your login details, which they can then obtain.
- Always check the email address the mail came from.
- Always check the links to see that they are in fact taking you to the site in question.
- Ideally, open the URL in your browser without following any links from the mail.
By following a faulty link you might end up on a fake website, where again bad actors can gain access to your login details. When entering sensitive information online, have a quick glance at the website address in the browser and look out for any “variations” to the original, like weird punctuation or deviations from the domain.com structure.
- Check the domain name.
- Try to avoid clicking on email links; rather, open the site in your own browser.
- Bookmark websites that you use regularly (with sensitive information).
- Ensure websites that you are using are responsible for protecting your data.
- Look out for the lock icon in the browser; this indicates that the connection to the website is encrypted (HTTPS). The lock alone does not show that the site is genuine, so still check the domain name.
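The domain checks listed above can also be automated, for example in a mail filter or a help-desk triage script. The following is an added example, not part of the original article: `example.com` stands in for a site you have bookmarked, and the function name, the sample links and the 0.8 similarity threshold are assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the sites you have bookmarked. example.com is a placeholder.
TRUSTED = {"example.com"}

def check_link(url, trusted=TRUSTED):
    """Return a list of warnings for a link; an empty list means no red flags."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")  # no lock icon would be shown
    if parts.username is not None:
        # In https://brand@other.test/ the real host is the part after the "@".
        warnings.append("text before @ hides the real host")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("non-ASCII or punycode host")  # lookalike characters
    # Trusted only if the host IS the bookmarked domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    warnings.append("untrusted domain")
    for d in sorted(trusted):
        if d in host:
            # e.g. example.com.account-verify.test: the brand is only a prefix
            warnings.append(f"embeds {d}")
        elif SequenceMatcher(None, host, d).ratio() >= 0.8:
            # e.g. examp1e.com: one character swapped
            warnings.append(f"lookalike of {d}")
    return warnings

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        "https://example.com/login",
        "http://example.com/login",
        "https://example.com.account-verify.test/login",
        "https://examp1e.com/login",
        "https://example.com@login.test/",
        "https://xn--exmple-cua.com/",
    ]
    for link in samples:
        print(link, "->", check_link(link) or "no red flags")
```

An empty result only means that none of these specific checks fired; opening the site from your own bookmark remains the safer habit.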
Similar to those text messages informing you that you’ve won millions in a lottery you don’t remember entering, SMS phishing is the act of sending an SMS in the hopes that the receiver follows the link and divulges sensitive account information.
- Avoid following the links in text messages; rather, open the site in your browser yourself.
- Oobit will never text you for account information.
How To Avoid Phishing
We’ve listed a few ideas on how to specifically avoid phishing for each type above, but here are a few more ways to help you maintain that extra protection:
- Stay up to date on the latest phishing activities
- Install anti-virus software; this will alert you when you open an untrusted site
- Be wary of pop-ups; these can also be used as phishing agents
- Think before you click
What To Do If You Fall Victim To Phishing
If you happen to fall victim to a phishing scam (it happens), immediately change your email and password on the account the phishing scam got into. Be sure to use your browser to locate the website, and do not follow any links from previous communications. Next, inform the company where you hold the account to let them know what happened; chances are you weren’t the only victim, and they might be able to alert others in time.
If you ever experience anything of this nature on Oobit, you can contact us immediately through the live chat feature in the app or email firstname.lastname@example.org.
Always ensure that you are using up-to-date security software, and keep an eye out for the key pointers mentioned above.