Hacking in real life is very different from its popular depiction in the media. Hackers don’t really have to break into some highly secured database to rob you of your money; they can simply talk you into handing it over. How this is done is simple psychology. Cyber crooks take advantage of emotions like trust, urgency, negligence and empathy, to name a few, to rob you.
Fictional example: Your best friend has gone on vacation. It is almost time for him to board his flight when you suddenly notice an email in your inbox from an unfamiliar address, which goes something like this:
“Hey, XYZ this side, I really need your help. Someone stole the bag containing my phone and wallet during the security check at the airport. I didn’t remember your contact number and was unable to login to my personal email account because I didn’t have my phone with me so I created this account on the fly. Can you please send me some money on XXXXXXXXXX account.”
You of course try to call your friend, but since in reality his flight has already taken off, his phone is in airplane mode and he is not reachable. This further fuels your belief that your friend really is in trouble. At this point, being the good friend that you are, you won’t mind willingly transferring money to the attacker.
The above is a classic example of a phishing attack, one of the most common cyber attacks these days. A phishing attack occurs when the attacker impersonates someone they are not, usually an individual or brand that you trust, and then tricks you into sharing your personal information with them. The attack described above is in actuality a relatively minor and less harmful one: at the end of the day you would have learned that you had been duped, and at worst you would have been duped out of a couple of bucks. The more dangerous attack is the one you are not aware of, where you part with your valuable information without even realizing it. This is often done by “spoofing”, that is, cloning a website completely and then luring people into parting with their personal information. The cloned websites are often ones with a well-known name that clients trust, so people don’t mind sharing their information on that platform.
How to Avoid Phishing Attacks
1. Always check emails that you receive before acting
It is of course not possible for you to leave your loved ones dangling in sticky situations or to delete a text that may or may not have been from your boss. So always carefully check the emails you receive. For example, the situation described above could have been remedied if the person had tried to contact his friend through a voice or video medium and thought before acting.
2. Never open links provided in emails or messages (if this cannot be avoided, make sure not to enter your personal information on that link)
Sketchy emails that look legitimate often come with an easy link redirecting to some website. Though it is advised not to even open these pages, one cannot help but find oneself in situations where this is not an option. In that case, it is advised to go to that website manually through your trusty browser, or at least not to enter any of your personal information.
3. Legitimate Companies Don’t Ask for Personal Information, Period
If a company is asking for your personal information to verify something, it is most likely a hoax in an attempt to steal your information. In case the person on the other end seems legit, make sure to call up customer support to verify. Just make sure that the number you are calling is legitimate.
4. Never Keep Same or Similar Passwords
This advice is often thrown around and is actually a good practice: it keeps your other accounts secure even if one of them is compromised. You can use the service provided by Google to remember and suggest strong passwords. You can even go up a notch and use paid services like Dashlane or LastPass to secure your passwords.
5. Double check the domain where you are asked to enter any sensitive information
Phishing attempts are often made by cloning a website’s look and feel and registering it at a domain which seems similar to the legitimate one to the unwary eye. Letters like “l” and “1”, “l” and “i”, “O” and “0” can look exactly the same in the browser window and are thus very hard to spot. A way to avoid this is reading the domain name backwards, as this keeps you from overlooking these letters. You can also copy and paste the domain into a word processor file and switch to a font like “Source Sans Pro”, in which it is easy to distinguish between these letters.
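The same look-alike check can be done by a small script instead of by eye. The Python below is an added example, not part of the original article; the allowlist, the sample links and the function names are constructed for illustration. It folds the look-alike characters named above onto a single character and compares the result against the domains you trust.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the sites you actually use.
TRUSTED = {"paypal.com", "google.com", "mybank.example"}

# Fold the look-alike pairs named above ("l"/"1", "l"/"i", "O"/"0") onto one character.
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(host: str) -> str:
    """Lower-case a host name and collapse look-alike characters."""
    return host.lower().rstrip(".").translate(FOLD)


def host_of(url: str) -> str:
    """Return the host name a link really points to."""
    if "//" not in url:
        url = "//" + url  # allow bare host names such as "paypal.com"
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    labels = host_of(url).split(".")
    # Every suffix of the host: a.b.c -> a.b.c, b.c, c
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if any(s in TRUSTED for s in suffixes):
        return "trusted"  # exact trusted domain or one of its subdomains
    trusted_skeletons = {skeleton(t) for t in TRUSTED}
    if any(skeleton(s) in trusted_skeletons for s in suffixes):
        return "lookalike"  # differs from a trusted domain only by look-alikes
    return "unknown"


if __name__ == "__main__":
    for sample in [  # constructed sample links
        "https://www.paypal.com/signin",
        "https://paypa1.com/signin",
        "http://g00gle.com",
        "https://paypaI.com",
        "https://weather.example.org",
    ]:
        print(f"{classify(sample):9}  {host_of(sample)}")
```

A result of “unknown” only means the domain does not imitate anything on the allowlist; it does not mean the site is safe.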