Unfortunately there is no real cure for phishing attacks aside from paranoia-level vigilance on the part of the end user. The threat is like the flu: it constantly evolves and changes its approach. Criminals can launch targeted phishing campaigns at the employees of a particular organization, or at expectant mothers. It's a bit like a marketing campaign, only a malicious, criminal one.
There are numerous ways to take the bait: connecting to public Wi-Fi, logging in to a fake website, or following a link in an e-mail promising exclusive Black Friday or Christmas deals. It's impossible to enumerate them all.
In short, it's easy to get caught. But how can users protect themselves?
1-Always check a link before clicking it. Hover over it to preview the real URL, and look carefully for misspellings or other irregularities in the domain name. What matters is the domain the link actually points to, not the text it displays.
2-Enter your username and password only over a secure connection. Look for the "https" prefix before the site URL; if there is no "s," beware. Keep in mind that HTTPS only means the connection to that site is encrypted. Phishing sites routinely obtain valid certificates too, so a padlock does not prove the site is the one you think it is; check the domain name as well.
3-Even if a message came from one of your best friends, remember that they could also have been fooled or hacked. That's why you should remain cautious in every situation. Even if a message seems friendly, treat its links and attachments with suspicion.
4-Messages from official organizations, such as banks, tax agencies, online shops, travel agencies, airlines, and so on, also require scrutiny, and so do internal messages from your own office. It's simply not that hard to fabricate a letter that looks like a real one.
5-Sometimes e-mails and websites look just like the real ones; it depends on how well the criminals did their homework. But the hyperlinks will most likely give them away: the domain is misspelled, or the link sends you somewhere other than where its text says it does.
6-It's better not to follow links from e-mails at all. Instead, open a new tab or window and type the URL of your bank or other destination by hand, or use a bookmark you created earlier.
7-If you discover a phishing campaign, report it to the bank, the support desk of your social network, or whichever other entity the phishing message claims to represent. Reporting really helps in the pursuit of the criminals.
8-Avoid logging in to online banking and similar services over public Wi-Fi networks. Hotspots are convenient, but it's better to use a mobile connection, or to wait until you're on a trusted network, than to lose all of the money on your credit card or in your bank account. Open networks can be set up by criminals who, among other things, can spoof website addresses (for example by answering your DNS lookups) on that connection and redirect you to a fake page.
9-Do not open unexpected files sent by your massively multiplayer online role-playing game (MMORPG) comrades or other online buddies. They may carry ransomware or spyware, just like attachments to official-looking e-mails. So be vigilant!
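Tips 1, 2 and 5 are checks a reader can do by eye, and they are also checks a script can do for every link in a message before anyone hovers over anything. The Python below is an added example and is not code from the Kaspersky post: it pulls every link out of an HTML e-mail body, compares the domain the link text shows with the domain the href actually goes to, insists on https, and flags the usual disguises (a user@ prefix that hides the real host, a raw IP address, a punycode/IDN domain, a trusted brand name buried inside some other domain, and near-miss spellings of a trusted domain). The sample e-mail and the TRUSTED list are constructed for the example, and the "registrable domain" and similarity heuristics are deliberate simplifications (no public-suffix list, a plain difflib ratio threshold).

```python
"""Screen the links in an HTML e-mail the way tips 1, 2 and 5 describe.
Added example; the e-mail body and trusted-domain list below are constructed."""
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the reader actually does business with (assumed list for the example).
TRUSTED = {"example-bank.com"}

# Constructed phishing-style e-mail body: four disguised links and one genuine one.
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your account before it is suspended.</p>
<a href="http://examp1e-bank.com/login">https://www.example-bank.com/login</a><br>
<a href="https://example-bank.com.secure-update.net/">Log in</a><br>
<a href="https://example-bank.com@203.0.113.7/">example-bank.com</a><br>
<a href="https://xn--exmple-bank-lbb.com/">Click here</a><br>
<a href="https://www.example-bank.com/help">Contact us</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def registrable(host):
    """Crude 'owner' part of a hostname: its last two labels (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def claimed_host(text):
    """If the visible link text looks like a URL or bare domain, return that host, else ''."""
    t = text.strip()
    if not re.fullmatch(r"(https?://)?([\w-]+\.)+[a-z]{2,}(/\S*)?", t, re.I):
        return ""
    return host_of(t if "://" in t else "https://" + t)


def check_link(href, text):
    """Return a list of warnings for one link; an empty list means it looks clean."""
    warnings = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":                                   # tip 2
        warnings.append(f"not https: {href}")
    if parts.username is not None:                                # brand@real-host trick
        warnings.append(f"user@ prefix hides the real host ({host})")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.append(f"raw IP address instead of a domain: {host}")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append(f"punycode (IDN) domain, possible homoglyph: {host}")
    shown = claimed_host(text)                                    # tip 5
    if shown and registrable(shown) != registrable(host):
        warnings.append(f"text shows {shown} but link goes to {host}")
    reg = registrable(host)
    if reg not in TRUSTED:                                        # tip 1: lookalikes
        for good in TRUSTED:
            brand = good.split(".")[0]
            if brand in host:
                warnings.append(f"{host} contains the brand name but is not {good}")
                break
            if difflib.SequenceMatcher(None, reg, good).ratio() >= 0.8:
                warnings.append(f"{reg} looks like {good} (typosquat?)")
                break
    return warnings


def scan_html(html):
    """Map each href in the message to its list of warnings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}


if __name__ == "__main__":
    for href, problems in scan_html(SAMPLE_EMAIL).items():
        print(href, "->", "OK" if not problems else "; ".join(problems))
```

Run as-is, the script reports the four decoys and passes only the genuine `https://www.example-bank.com/help` link. The same logic drops into a mail-gateway filter or a browser extension; the part worth tuning for real use is `registrable()`, which should consult a public-suffix list so that `co.uk`-style domains are handled correctly.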
Kaspersky Lab Daily Blog. “10 Tips to Protect Yourself from Phishing.” Blog.kaspersky.com.