Phishing Alert: The One Life-Saving Tip to Outsmart Hackers and Scammers (Personal and Business)
95 percent of all data breaches, whether business or personal, are financial. There are bad actors (hackers and scammers) who are out to cause you harm. Oftentimes, malicious intent may be behind that seemingly benign message from an old “friend” or some gift promotion. You are always at risk when you surf the internet.
It is important therefore to be aware of a few things that can help you keep safe from scammers and hackers.
Usually, there are a thousand and one tips that are available from Cybersecurity experts to help keep you safe. In this article, however, I will discuss the one Life-Saving tip that can help you stay ahead of cybercriminals.
But first of all, what exactly is a Phishing attack? Why should you care?
What exactly is Phishing?
Phishing is a type of cybersecurity attack where the hacker or scammer sends a message to trick the victim into handing over sensitive information or installing malicious software on their device.
The most common type of phishing you will see is through your email. It is usually a message that will require you to click on some link provided or demand that you fill out some sort of form to redeem some special offer, protect your account (supposedly from other hackers), or similar offers.
The goal is to steal vital personal or business data from you and then use that data for financial gains, business/service disruption, or reputational damage.
The scale of phishing attacks is enormous and can range from fake emails, calls, and deceptive websites to malicious links – sent via your Social Media account.
One Golden Rule for Staying Safe From Phishing Attacks
Scammers and hackers are constantly evolving in their craft but for them to be successful, it will ultimately demand that you do either of two things (in general).
- Click on a (malicious) link in their message
- Fill out your details on a form they have provided. Those details may range from personal information, login details, social security numbers, credit card details, passwords, etc.
The Golden Rule for staying safe from a Phishing attack is therefore:
Think before you click. Never click on any link, or fill out a form or login page, that you have not verified to be genuine.
If you can obey this simple rule, the hacker's or scammer's chances of making you a victim of a phishing attack are slim.
Your default mode of handling all communications with people online will be to NOT trust any link until you have verified it. Treat all links as suspicious. Only use them after you have established trust.
How to Inspect whether a Link is Suspicious or Not
Some pointers can give you a clue as to whether a link is malicious or not. These include the following:
- The use of Hyphens and Symbols – Most legitimate web links do not often use hyphens and symbols; why should they? They are clumsy and difficult to remember. Malicious sites or links, on the other hand, often use hyphens and symbols to masquerade as the legitimate site. For example, amazon.com is good but amazon-buy.com is suspicious.
- Concealed URLs – These are red flags. The use of URL shorteners can be an indication that the hacker doesn’t want you to see the source of the link. You can see the source by just mousing over the link (not clicking). The same is true for links made up of just numbers (i.e. an IP address) and no domain name, e.g., http://101.10.1.121. Hackers use these to conceal malicious links.
- Misspellings and Errors – This is always a giveaway sign that you are dealing with a suspicious link, e.g., amazon.com is legitimate but amazen.com is suspicious.
- Domain Ending – The domain part of a link can give you insight as to whether a link is suspicious or not. Many hackers will cleverly manipulate this to resemble what the user is familiar with to avoid suspicion. This is what follows the “https://” of a link. For example, http://google.com/maps is legitimately an extension to google.com but http://google.com.cust_login.io is fraudulent (the “.cust_login.io” is the real domain). “/” denotes an extension but “.” defines a different domain.
- Valid Certificate – You want to make sure that the site or link has a valid security certificate, i.e. “https://” as opposed to “http://”. This helps, as many malicious links do not have a valid certificate.
- Use URL screeners – to check if links are malicious or not.
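The pointers above can be turned into a small checker that reports which red flags a link raises. This is an added example, not code from the article; the TRUSTED and SHORTENERS lists, the flag names and the "last two labels" shortcut for finding the real domain are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): the domains you trust
# and a few well-known URL-shortener hosts.
TRUSTED = {"amazon.com", "google.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def inspect_link(url):
    """Return the red flags from the list above that apply to url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = [] if parts.scheme == "https" else ["no-https"]
    try:
        ipaddress.ip_address(host)          # host is bare numbers, no domain name
        return flags + ["ip-address-host"]
    except ValueError:
        pass
    # Simplification: treat the last two labels as the real domain. Production
    # code should use the Public Suffix List (e.g. for names under .co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return flags                        # anything after "/" is just a path
    if domain in SHORTENERS:
        flags.append("shortened-url")
    if "-" in host or "_" in host:
        flags.append("hyphen-or-symbol")
    for good in sorted(TRUSTED):
        if f"{good}." in host:              # trusted name used as a subdomain
            flags.append("trusted-name-as-subdomain")
        elif edit_distance(domain, good) <= 2:
            flags.append("misspelling")
    return flags
```

An empty result only means none of these heuristics fired; it does not establish that the link is safe.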
Trusted URL Screeners I Use to Analyze Suspicious Links
When it is not so obvious whether a link is suspicious or not, I usually use a URL Screener. It can save you a lot of headaches. You simply need to copy the link (without clicking on it) and then paste it into the URL Screener. The ones I commonly use are as follows.
The report from these will tell you whether the link has been flagged as malicious or not.
Conclusion
The bottom line is to think before you click on any link. Be suspicious of any message you receive from a source you have not verified. Make ample use of link screeners like the ones highlighted above. These will help you keep safe from scammers and hackers.