The three golden rules to ensure computer security are: do not own a computer; do not power it on and do not use it.” – Robert Morris

What is Phishing?

Phishing is a type of cyber fraud often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

Email phishing scams

Email phishing messages are created carefully to mimic actual emails from the genuine organization. They use the same phrasing, typefaces, logos, and signatures to make the messages appear legitimate.

They also apply pressure by giving deadlines or threats which disarms due diligence and hence become easy prey.

Lastly, links inside messages resemble their legitimate counterparts but typically have a misspelt domain name or extra subdomains. (.com, .org, .net, etc.)

How to prevent phishing scams

• Vigilance is key. Watch out for spelling mistakes or changes in domain names.

• Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications.

• Strict password management policies. Change passwords at time intervals and do not use the same password for multiple applications.

• Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.

Culled From The Ada Project Internet Safe Practices. Phishing attacks.