Phishing – How to stay safe
Security tools and warnings
In our previous article (Phishing – what is it?) we explained what phishing is and how people who try to scam you work. There are ways to protect yourself from phishing attacks – it’s important to be vigilant and aware of what scammer messages might look like, but when that fails too, it’s good to have some browser features on your side to help protect you, your data and your device
Let’s start with how can you tell the real and fake messages apart:
- Pay attention to the address from which the message was sent
The email addresses from which phishing emails are sent are meant to imitate the addresses of the companies they are impersonating. While they may be similar, you should be on the lookout for unusually long addresses or typos. If you are unsure about an address – contact the real service provider’s hotline for confirmation.
- Make sure you have used the services of that company
If you don’t recall using a company that contacts you – trust your intuition. Most likely, someone is trying to scam you. Again, it’s a good habit to find the company’s contact information and make sure everything is in order.
To make your browsing sessions more secure, Opera has introduced a solution called Sitecheck. It aims to compare the addresses you visit with a list of sites known for phishing. If your browser tells you the site is unsafe – trust the browser, and do not proceed.
If you take proper care to secure your browser and the accounts you log into, you are less vulnerable to attacks, even if you accidentally click a suspicious link. If you don’t already, strongly consider using these:
- Password manager – makes it easier to set unique and long passwords that are harder for hackers to crack, and you don’t have to worry about losing them, as they’ll be stored in one secure place.
- 2FA (two-factor authentication) – use it wherever it’s available. This way, your account cannot be logged into until you confirm your identity on another device that only you have access to.
- U2F Security Key – because the key is bound to the real site, a fake website, no matter how sophisticated, will not be able to authenticate you using your key. That way, even if you are tricked into believing it is a real site, you will be stopped during the login process.
Stay alert while surfing the web
The best tool you can use against phishing is your own vigilance. Make sure you browse the web safely by always doing the following:
- Check the address or number messages come from.
- Confirm (by contacting the company directly) that the company intended to contact you.
- Use the security tools available in your browser and computer (2FA, password manager, browser warnings).
- Beware when sensitive data is requested from you – company employees will never ask you for data such as a password.
There are many security features you can use and actions you can take to protect yourself from phishing, but the most important one is not clicking on links that you are unsure of. And now, when phishing messages are becoming more and more clever, it’s worth taking the time and extra steps to protect yourself and your computer.