What is phishing, and how can you protect yourself?
by Oliver Haslam
Phishing scams trick people into sending sensitive information like bank details or login credentials to a fake copy of a real site. Luckily, it’s pretty easy to stay safe. We'll show you how.
Phishing is a fraudulent attempt to trick people into providing sensitive information, like passwords and credit card numbers, by pretending to be someone trustworthy. The scammer uses the claim to legitimacy as bait to catch their victims. For example, an email that claims to be from your bank and asks you to confirm your card details would be a phishing scam.
Phishing attacks aren't always done via email. Vishing (voice phishing) is an attempt to collect sensitive information over the phone. Smishing (SMS phishing) uses text messaging. But the goal of the attacker is always the same: to get personal information that could be used maliciously.
The foundation of protecting yourself from phishing attacks is a healthy dose of skepticism. At a young age, we're taught to say no to strangers. The same is true when it comes to phishing. If something sounds too good to be true, it probably is. Here are a few things you can do to protect yourself from phishing attacks:
Scrutinize unsolicited communication. If you weren't expecting to receive a large sum of money, for example, be suspicious of an email or text message that says you have.
Take your time. Some phishing scams are designed to scare you into acting before you've had a chance to think things through. The scammer is hoping you'll panic and fall into their trap.
Contact the company directly. Don't reply to a phishing email or use contact information it contains. To verify its authenticity, contact the company using their publicly available contact information.
Visit websites directly. Don't click any links in the email. Open your browser and visit the website yourself. That way, you'll know for sure that you're on the right website and not an imposter that looks the same.
Ask before opening attachments. If you receive an unexpected attachment, text or call the sender to make sure they're the one who actually sent it. A quick check upfront takes far less time than trying to recover from a scam after the fact.
Check for secure websites. Don't enter sensitive information like passwords or credit cards on unsecured websites. To make sure the website is secure, look for a padlock in your browser's address bar.
Of course, no matter how vigilant you are, it's possible to slip up. Maybe you're tired, distracted, or otherwise not paying attention. It can happen to anyone. A password manager with built-in phishing protection acts as a safety net for exactly those moments.
1Password is a password manager that generates, saves, and fills passwords for you. It also protects you from accidentally filling those passwords on fraudulent websites. It won't fill your Facebook password on facedook.com or your PayPal password on paypa1.com. And 1Password never gets tired or distracted. It's always vigilant.
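The matching idea described above, as an added example (not 1Password's code and not part of the original article): a fill decision that compares the host of the saved login with the host of the page asking for the password. The function names, the HTTPS requirement and the subdomain rule are assumptions made for illustration, and the sample URLs are constructed.

```javascript
// Illustrative domain-bound autofill check (hypothetical helper names).
// savedUrl: the site stored with the login. pageUrl: the page requesting it.

function normalizedHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // unparseable input never matches
  }
  if (url.protocol !== "https:") return null; // assumption: never fill over plain HTTP
  // The URL parser lowercases the host and encodes non-ASCII labels as
  // punycode, so a host with look-alike Unicode letters compares as different.
  return url.hostname.replace(/\.$/, ""); // drop a trailing root dot
}

function shouldFill(savedUrl, pageUrl) {
  const saved = normalizedHost(savedUrl);
  const page = normalizedHost(pageUrl);
  if (!saved || !page) return false;
  if (page === saved) return true;
  // Assumption: subdomains of the saved host are accepted, but only on a
  // label boundary, so "facebook.com.evil.example" and "notfacebook.com" fail.
  // A production matcher would also consult the Public Suffix List.
  return page.endsWith("." + saved);
}

// Constructed sample pages, checked against a login saved for facebook.com.
const SAVED = "https://facebook.com";
const samples = [
  "https://facebook.com/login",          // exact host
  "https://www.facebook.com/login",      // subdomain of the saved host
  "https://facedook.com/login",          // look-alike from the article
  "https://facebook.com.evil.example/",  // saved name used as a prefix
  "https://notfacebook.com/",            // saved name used as a suffix
  "https://facebook.com@facedook.com/",  // saved name placed in userinfo
  "https://f\u0430cebook.com/",          // Cyrillic "a" in place of Latin "a"
  "http://facebook.com/login",           // right host, no TLS
];

for (const page of samples) {
  console.log(shouldFill(SAVED, page) ? "fill  " : "refuse", page);
}
```

The decision is a string comparison on the parsed host, which is why it is not affected by how convincing the page looks.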
Every 1Password account also includes Watchtower, which will alert you to sites you've saved that are not secure and to passwords that have been exposed in a security breach.
Phishing isn't usually personal. Scammers typically cast a wide net to see who bites. But some scams are targeted at specific companies or organisations. This is known in the industry as spear phishing. You can protect your business the same way you protect yourself: vigilant skepticism. But there are some additional things you can do at your company:
Educate your employees. Your company is only as secure as its weakest point, so it's important to make sure everyone knows how to protect themselves – and the company – from phishing attacks. Share the list above with them.
Test ahead of time. Just like you conduct fire drills to be prepared for an actual fire, you can send test phishing emails and monitor the response to see where you need to improve before an actual phishing attempt occurs.
Filter email. An up-to-date content and spam filter is one of the best protections against phishing attacks. Scams immediately fail if they never reach anyone.
Despite everyone's best intentions, it can be difficult to make sure everyone is always following best practices at work. That's where a software solution can really help.
1Password is a great solution at home, and it also scales to meet the needs of the largest companies. Because 1Password won't fill passwords on fraudulent sites, you can be sure your employees are protected.
With 1Password Business, administrators can see who used passwords and when, which makes auditing and compliance a breeze. And every team member gets a free family account, so they can continue to practice secure habits at home.
Protecting against phishing attacks is like protecting against any other security issue. There are things we can all do to protect ourselves, but we don't have to do it alone. Always be on the lookout, but use a password manager with phishing protection for those times when you aren't.