As phishers grow more sophisticated and try new avenues, it’s become even more important to know how to protect yourself from phishing. Here are more wise words based on an article from our multi-award-winning hosts, Heart Internet.
As more companies produce HTML-based emails that just ask you to click a link, it can be difficult to tell legitimate emails from scams. It’s become second nature to just assume that the link will take you to where you need to go.
You know to keep an eye out for certain scammers, and sometimes it’s so obvious, you think ‘why bother?’ But when a company you don’t expect to be compromised is suddenly sending you messages, you might panic and think that you just need to check, just need to click that link.
But there are a few things you can check before you click:
Check for identifiers
Most scammers don’t have all the data they need to perfectly spoof a company. Legitimate messages should always have your details, whether your name or your account number. If it seems to be missing something, don’t click the link.
Verify the link’s location
Before you click that link, hover over it. Or, if you’re on a mobile, press and hold the link to see the full URL. Is it going to the correct site? Are there any typos in the URL? Is it going to a suspicious-sounding file, like archive.pdf.rar?
If you have any doubts whatsoever about the link, don’t click it.
When you receive a notification, most sites will display it in your account section as well as send it to you via email – especially if it’s something important. Log into the site through your browser, and check to see if there’s a message there as well. If there isn’t, pat yourself on the back – that was a close call.
See who actually sent the message
The “From” might say the right company, but is the email address something else completely? Are there any slight misspellings (for example – paypal.co.uk versus paypai.co.uk)? Does it refer to a particular department that you don’t think would ever actually exist?
These are all obvious signs when you look closely at them, but if you give it a quick glance, you might not notice. So if there’s the faintest doubt, check all the details, from the email addresses to the Internet headers.
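The link and sender checks described above can also be run automatically. The following Python script is an added example, not part of the original article; it applies those checks to a constructed sample message. The expected domain passed in, the two-edit lookalike threshold and the extension lists are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); files.example.net is made up.
SAMPLE = """\
From: PayPal Security <service@paypai.co.uk>
Subject: Check your account
Content-Type: text/html

<p>Dear customer, <a href="http://files.example.net/archive.pdf.rar">view your statement</a></p>
"""

# Assumed, illustrative extension lists; extend them for real use.
ARCHIVE_OR_EXEC = {"rar", "zip", "exe", "js", "scr", "iso"}
DOCUMENT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, expected_domain):
    """Return warnings for the sender address and each double-quoted href."""
    msg = message_from_string(raw)
    warnings = []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if sender_domain != expected_domain:
        kind = "a lookalike of" if edit_distance(sender_domain, expected_domain) <= 2 else "not"
        warnings.append(f"sender domain {sender_domain} is {kind} {expected_domain}")
    for href in re.findall(r'href="([^"]+)"', msg.get_payload()):
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if host != expected_domain and not host.endswith("." + expected_domain):
            warnings.append(f"link goes to {host}, not {expected_domain}")
        parts = url.path.rsplit("/", 1)[-1].lower().split(".")
        if len(parts) >= 3 and parts[-1] in ARCHIVE_OR_EXEC and parts[-2] in DOCUMENT:
            warnings.append(f"double extension in file name: {'.'.join(parts)}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE, "paypal.co.uk"):
        print("WARNING:", w)
```

An empty list means none of these checks fired. It does not mean the message is safe.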
And even before you receive that email, there are a few things you can do to protect yourself:
Add Domain Privacy
It might cost a little more, but setting up Domain Privacy keeps your personal details out of the hands of scammers digging through WHOIS data. Once Domain Privacy is activated, whenever someone views your WHOIS data, they see a third party, and your name, address, email address, and telephone number are safe.
Nominet has free domain protection for your personal .uk, .co.uk, .org.uk, and .me.uk domains, but not for business domains. We offer Domain Privacy for many gTLDs, both personal and business, as an add-on to your hosting package.
Use a good modern browser to protect yourself from phishing
Most modern browsers alert you if you’re visiting a page identified as a potential threat, and will make you go through several steps before you proceed to that page. Make certain you update your browser to the latest version and that you have the security settings turned on.
It can take some time for a site to be flagged as dangerous, so don’t expect your browser to always save you.
Update your antivirus
With many spam emails, clicking the link will download a virus. If your antivirus software is up to date, it’ll catch it and put it in quarantine before it has a chance to cause any damage. Always make sure you have a strong antivirus and that it’s updated regularly.
Many modern antivirus products also include browser add-ons that point out phishing sites and other scam websites, providing a second layer of protection on top of your browser’s security settings.