While the security landscape is always changing, one trend that remains top of mind is the threat of social engineering – more specifically, phishing.
Phishing is a fraudulent attempt made by a cybercriminal to obtain user information while disguised as a trusted source. Have you ever received an email stating you can “REDEEM $1,000,000 RIGHT NOW!” by simply clicking on a link? Yup, that’s a phishing scheme.
The threat of phishing isn’t new, but the sophistication of the attacks is. Hackers aren’t wasting any time taking advantage of the pandemic-related uptick in online shopping to steal consumers’ money and personal information. So, if you’re not being extra careful, you need to start.
This holiday season, Adobe Analytics predicts that millions of consumers will spend a record-breaking $189 billion on gifts. That’s why we’ve partnered with Rakuten to share our favorite tried-and-true tips on how you can sniff out cyber-schemes before you become a victim, and enjoy some Cash Back savings while you’re at it.
Investigate the source
While phishing can take form in a variety of mediums, even including password managers, the most common form of phishing is through email – which accounts for approximately 96% of all phishing scams. There are a few observations you can make to determine whether an email is legitimate or fraudulent:
- Do you recognize the sender? Take a look at their email address – especially the domain. Ensure the domain is from a source you trust, and if it is, double-check that it’s spelled correctly.
- Consider how you’re addressed in the email. A trusted source will likely use email automation technology that contains your contact information, so their email will address you by the name you gave them. Phishers, on the other hand, cluster a large amount of email addresses into one outbound email in the hopes of just catching one user, so they typically choose a vague greeting such as “Dear Sir/Madam”.
- Evaluate the call-to-action. What is the sender asking you to do? Asking you to download a file or click on an unverified link, for example, is a prime opportunity for a hacker to install malware on your device. Remember: if you need to act ” “RIGHT NOW!” to win an offer, chances are it’s too good to be true.
Bottom line: Avoid clicking on or downloading anything that seems even remotely suspicious.
Never provide your personal information
The motives for phishing are divided between financial and espionage. To avoid both, a simple best practice is to never provide your personal information online to a source you don’t trust. Many phishing schemes will try to get you to enter your credit card information or personally identifiable information (PII) in some way or another.
Before doing so, evaluate the source of the site. Ensure the URL begins with “HTTPS,” look for a security certificate, and confirm whether your anti-virus, anti-malware, or firewall software raises any red flags.
Have a remediation plan
In the event that you do fall victim to a phishing scheme, make sure you have a mitigation plan to detect and respond to the attack. You can do this by running a scan of your device with your anti-virus software to detect any malware, as well as contacting your credit card provider to put a freeze on your account(s).
Something else to cross off your to-do list? Change your passwords! Once your information has been compromised, prevent future access by leveraging a password generator tool, such as LastPass, to create a strong password that will be impossible for a cybercriminal to guess.
Use LastPass
Cybercriminals build fraudulent websites and offers that are similar to legitimate ones, with the goal of tricking users who accidently mistype the URL. This risk is eliminated through our LastPass Chrome extension, which navigates to the trusted webpage for you, since the URL is already saved in your vault. There’s no chance in mistyping the URL, because there’s no URL you need to type!
But how does LastPass determine whether a URL is authentic or not, you ask? Well, LastPass only stores login information for sites that you have saved in your vault. So, if you do happen to click on a phishing email, LastPass will not auto-fill your username and password because it’s not a site the product recognizes.
Therefore, if you don’t see the LastPass icons in the form fields for the site, you have one more helpful indicator that the site is fraudulent.
—
LastPass and Rakuten keep phishing at bay
Don’t risk being fooled by a cloned version of a legitimate retail website. Sign up for a LastPass plan with Rakuten and get 20% Cash Back towards your Big Fat Check from top holiday stores like Walmart, Macy’s, Best Buy, and more. If you’re not a member yet, join Rakuten for free, and earn a $10 Welcome Bonus on your first qualified purchase!
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
